diff --git a/rules/windows/create_stream_hash/create_stream_hash_susp_ip_domains.yml b/rules/windows/create_stream_hash/create_stream_hash_susp_ip_domains.yml
index c68a9ce6b..fb83898d4 100644
--- a/rules/windows/create_stream_hash/create_stream_hash_susp_ip_domains.yml
+++ b/rules/windows/create_stream_hash/create_stream_hash_susp_ip_domains.yml
@@ -1,5 +1,5 @@
-title: Unusual File Download from File Sharing Domain
-id: ae02ed70-11aa-4a22-b397-c0d0e8f6ea99
+title: Unusual File Download from Direct IP Address
+id: 025bd229-fd1f-4fdb-97ab-20006e1a5368
 status: experimental
 description: Detects the download of suspicious file type from URLs with IP
 author: Nasreddine Bencherchali
@@ -29,7 +29,6 @@ detection:
 - '.vbe:Zone'
 - '.vbs:Zone'
 - '.dll:Zone'
- - ':Zone' # No extension
 condition: all of selection*
 falsepositives:
 - Unknown
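Review bot: Dropping `- ':Zone'  # No extension` in the second hunk leaves extensionless downloads from a direct IP undetected, and nothing in the rule records that this gap is deliberate. The field and modifier for this list sit above the hunk, so this is inferred: if it is a `contains` match, the bare entry would have matched every Zone.Identifier stream and made the extension list redundant, which would justify the removal. I would keep a short comment at the end of the list, such as `# Extensionless files are intentionally not matched; a bare ':Zone' would match every stream`, so the limitation is visible to whoever tunes the rule. `falsepositives: - Unknown` could also be revisited, since narrowing the match changes the expected noise profile.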