
Summary
This detection rule flags potentially malicious downloads by inspecting HTTP requests logged by a proxy server. It matches on two conditions at once: the requested URL ends in a file extension commonly used to deliver malware or unwanted software (script and executable types such as .exe, .vbs and .bat, and document types such as .doc and .xls; the rule itself carries the full list), and the request's hostname falls under one of a pre-defined set of dynamic DNS domains, which attackers frequently use to stage payloads or host command and control (C2) servers because the hostnames are free, disposable and quick to repoint. Requiring both the extension and the dynamic DNS hostname keeps the rule narrow enough to run on busy proxy logs without alerting on every executable download. Two implementation details matter in practice: the hostname test must be anchored at a label boundary (a suffix match on "dyndns.org" should not match "mycorp-dyndns.org"), and the extension must be read from the URL path after case normalization and with any query string stripped, otherwise trivially obfuscated URLs slip past. The logic is designed for integration into network-based security monitoring; its expected false positives are legitimate software downloads, so deployments are meant to be tuned so that downloads by trusted applications are allowed.
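The following Python example is added here to show the detection logic run over sample proxy log lines; it is not the rule's own implementation and not code from the rule's authors. The extension list, the dynamic DNS suffix list and the log line format (timestamp, client IP, method, URL, status) are assumptions chosen for illustration; the rule's actual lists are not reproduced on this page. The sample log lines are constructed.

```python
from urllib.parse import urlparse, unquote
import posixpath

# Illustrative lists (assumptions for this example; the rule's real lists are longer).
SUSPICIOUS_EXTENSIONS = (".exe", ".vbs", ".bat", ".doc", ".xls", ".scr", ".hta")
DYNDNS_SUFFIXES = ("dyndns.org", "no-ip.org", "ddns.net", "hopto.org")


def host_is_dyndns(host, suffixes=DYNDNS_SUFFIXES):
    """True if host equals a dyndns domain or is a subdomain of one.

    The match is anchored at a label boundary so that 'mycorp-dyndns.org'
    does not match 'dyndns.org'.
    """
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def url_extension(url):
    """Lower-cased extension of the URL path, with query/fragment dropped
    and percent-encoding removed, so 'payload.EXE?x=1' and 'a%2Evbs' are
    both handled."""
    path = unquote(urlparse(url).path).lower()
    return posixpath.splitext(path)[1]


def is_suspicious_download(url, extensions=SUSPICIOUS_EXTENSIONS):
    """Both conditions of the rule: suspicious extension AND dyndns host."""
    host = urlparse(url).hostname or ""
    return url_extension(url) in extensions and host_is_dyndns(host)


def parse_proxy_line(line):
    """Parse the constructed format '<ts> <client_ip> <method> <url> <status>'.
    Returns None for lines that do not fit, so a malformed line is skipped
    rather than crashing the scan."""
    fields = line.split()
    if len(fields) != 5:
        return None
    ts, client, method, url, status = fields
    return {"ts": ts, "client": client, "method": method, "url": url,
            "status": status, "host": urlparse(url).hostname or ""}


def scan_proxy_log(lines):
    """Return the parsed records that the rule would alert on."""
    hits = []
    for line in lines:
        rec = parse_proxy_line(line)
        if rec is None:
            continue
        if is_suspicious_download(rec["url"]):
            hits.append(rec)
    return hits


# Constructed sample log (not real traffic). Hostnames are illustrative.
SAMPLE_LOG = """\
2017-11-08T10:01:02Z 10.0.0.5 GET http://update.mycorp-dyndns.org/setup.exe 200
2017-11-08T10:01:09Z 10.0.0.7 GET http://files.no-ip.org/payload.EXE?x=1 200
2017-11-08T10:02:11Z 10.0.0.7 GET http://host.dyndns.org/invoice.doc 200
2017-11-08T10:02:30Z 10.0.0.9 GET http://www.example.com/tool.exe 200
2017-11-08T10:03:00Z 10.0.0.9 GET http://host.hopto.org/index.html 200
2017-11-08T10:03:15Z 10.0.0.5 GET http://h.ddns.net/dl%2Einstaller.vbs 200
this line is malformed and is skipped
"""

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG.splitlines()):
        print(f"ALERT {hit['ts']} {hit['client']} -> {hit['url']}")
```

Of the six well-formed lines, only the no-ip.org, dyndns.org and ddns.net requests trip the rule: the first line fails the label-boundary host check, the example.com download is not on a dynamic DNS host, and the hopto.org request is an HTML page rather than a flagged file type.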
Categories
- Network
- Web
- Endpoint
Data Sources
- Network Traffic
- Web Credential
- Firewall
- Application Log
- Malware Repository
Created: 2017-11-08