################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2021-07-25 05:04:05 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.123.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479756/; classtype:trojan-activity;sid:82342856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.209.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479757/; classtype:trojan-activity;sid:82342857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.239.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479758/; classtype:trojan-activity;sid:82342858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.190.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479755/; classtype:trojan-activity;sid:82342855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.254.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479754/; classtype:trojan-activity;sid:82342854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479753)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.6.10.83"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479753/; classtype:trojan-activity;sid:82342853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.183.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479752/; classtype:trojan-activity;sid:82342852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.32.106.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479751/; classtype:trojan-activity;sid:82342851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.121.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479749/; classtype:trojan-activity;sid:82342849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.79.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479750/; classtype:trojan-activity;sid:82342850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.176.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479748/; classtype:trojan-activity;sid:82342848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.252.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479745/; classtype:trojan-activity;sid:82342845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.54.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479746/; classtype:trojan-activity;sid:82342846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.28.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479747/; classtype:trojan-activity;sid:82342847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.143.22.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479744/; classtype:trojan-activity;sid:82342844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.216.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479742/; classtype:trojan-activity;sid:82342842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.176.141.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479743/; classtype:trojan-activity;sid:82342843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.157.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479741/; classtype:trojan-activity;sid:82342841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.223.81.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479738/; classtype:trojan-activity;sid:82342838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.191.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479739/; classtype:trojan-activity;sid:82342839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.173.57.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479740/; classtype:trojan-activity;sid:82342840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.187.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479736/; classtype:trojan-activity;sid:82342836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.28.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479737/; classtype:trojan-activity;sid:82342837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.10.150.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479735/; classtype:trojan-activity;sid:82342835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.157.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479731/; classtype:trojan-activity;sid:82342831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.20.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479732/; classtype:trojan-activity;sid:82342832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.191.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479733/; classtype:trojan-activity;sid:82342833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.196.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479734/; classtype:trojan-activity;sid:82342834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.76.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479730/; classtype:trojan-activity;sid:82342830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.229.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479726/; classtype:trojan-activity;sid:82342826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.30.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479727/; classtype:trojan-activity;sid:82342827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.30.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479728/; classtype:trojan-activity;sid:82342828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.202.102.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479729/; classtype:trojan-activity;sid:82342829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.97.136.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479723/; classtype:trojan-activity;sid:82342823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.209.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479724/; classtype:trojan-activity;sid:82342824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.85.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479725/; classtype:trojan-activity;sid:82342825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.137.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479722/; classtype:trojan-activity;sid:82342822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.25.134.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479718/; classtype:trojan-activity;sid:82342818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.31.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479720/; classtype:trojan-activity;sid:82342820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.183.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479721/; classtype:trojan-activity;sid:82342821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.247.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479715/; classtype:trojan-activity;sid:82342815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.195.17.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479716/; classtype:trojan-activity;sid:82342816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.25.135.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479717/; classtype:trojan-activity;sid:82342817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.124.115.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479714/; classtype:trojan-activity;sid:82342814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.66.105.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479713/; classtype:trojan-activity;sid:82342813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.14.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479711/; classtype:trojan-activity;sid:82342811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.59.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479712/; classtype:trojan-activity;sid:82342812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.109.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479710/; classtype:trojan-activity;sid:82342810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.33.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479708/; classtype:trojan-activity;sid:82342808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.47.120.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479709/; classtype:trojan-activity;sid:82342809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.252.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479707/; classtype:trojan-activity;sid:82342807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.185.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479705/; classtype:trojan-activity;sid:82342805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.163.131.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479706/; classtype:trojan-activity;sid:82342806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.168.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479703/; classtype:trojan-activity;sid:82342803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.218.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479704/; classtype:trojan-activity;sid:82342804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.244.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479701/; classtype:trojan-activity;sid:82342801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.181.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479702/; classtype:trojan-activity;sid:82342802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.233.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479700/; classtype:trojan-activity;sid:82342800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.154.29.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479699/; classtype:trojan-activity;sid:82342799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.10.133.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479698/; classtype:trojan-activity;sid:82342798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.76.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479697/; classtype:trojan-activity;sid:82342797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.17.227.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479696/; classtype:trojan-activity;sid:82342796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.193.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479695/; classtype:trojan-activity;sid:82342795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.144.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479694/; classtype:trojan-activity;sid:82342794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.58.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479693/; classtype:trojan-activity;sid:82342793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.173.122.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479692/; classtype:trojan-activity;sid:82342792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.87.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479691/; classtype:trojan-activity;sid:82342791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.89.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479688/; classtype:trojan-activity;sid:82342788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.158.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479689/; classtype:trojan-activity;sid:82342789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.91.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479690/; classtype:trojan-activity;sid:82342790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.161.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479687/; classtype:trojan-activity;sid:82342787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.222.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479686/; classtype:trojan-activity;sid:82342786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.251.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479684/; classtype:trojan-activity;sid:82342784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.15.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479685/; classtype:trojan-activity;sid:82342785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.130.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479681/; classtype:trojan-activity;sid:82342781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.22.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479682/; classtype:trojan-activity;sid:82342782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.13.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479683/; classtype:trojan-activity;sid:82342783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.250.3.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479679/; classtype:trojan-activity;sid:82342779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.122.113.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479680/; classtype:trojan-activity;sid:82342780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.95.81.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479678/; classtype:trojan-activity;sid:82342778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.86.175.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479676/; classtype:trojan-activity;sid:82342776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.22.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479675/; classtype:trojan-activity;sid:82342775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.173.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479671/; classtype:trojan-activity;sid:82342771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.46.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479672/; classtype:trojan-activity;sid:82342772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.180.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479673/; classtype:trojan-activity;sid:82342773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.86.5.113"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479670/; classtype:trojan-activity;sid:82342770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.149.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479666/; classtype:trojan-activity;sid:82342766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.73.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479667/; classtype:trojan-activity;sid:82342767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.66.241.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479668/; classtype:trojan-activity;sid:82342768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.77.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479669/; classtype:trojan-activity;sid:82342769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.158.218.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479665/; classtype:trojan-activity;sid:82342765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.32.90"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479664/; classtype:trojan-activity;sid:82342764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.47.31"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479663/; classtype:trojan-activity;sid:82342763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.37.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479660/; classtype:trojan-activity;sid:82342760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.181.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479661/; classtype:trojan-activity;sid:82342761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.54.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479662/; classtype:trojan-activity;sid:82342762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.50.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479659/; classtype:trojan-activity;sid:82342759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.197.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479658/; classtype:trojan-activity;sid:82342758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.82.148.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479657/; classtype:trojan-activity;sid:82342757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.20.201.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479655/; classtype:trojan-activity;sid:82342755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.83.150"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479656/; classtype:trojan-activity;sid:82342756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.226.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479653/; classtype:trojan-activity;sid:82342753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.121.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479654/; classtype:trojan-activity;sid:82342754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.78.172.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479652/; classtype:trojan-activity;sid:82342752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.40.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479651/; classtype:trojan-activity;sid:82342751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.17.227.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479650/; classtype:trojan-activity;sid:82342750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.22.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479649/; classtype:trojan-activity;sid:82342749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.231.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479646/; classtype:trojan-activity;sid:82342746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.133.252.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479644/; classtype:trojan-activity;sid:82342744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.162.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479643/; classtype:trojan-activity;sid:82342743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.58.224.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479642/; classtype:trojan-activity;sid:82342742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.4.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479637/; classtype:trojan-activity;sid:82342737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.89.4.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479638/; classtype:trojan-activity;sid:82342738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.4.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479639/; classtype:trojan-activity;sid:82342739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.96.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479640/; classtype:trojan-activity;sid:82342740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.254.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479641/; classtype:trojan-activity;sid:82342741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.103.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479636/; classtype:trojan-activity;sid:82342736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.154.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479634/; classtype:trojan-activity;sid:82342734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.3.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479633/; classtype:trojan-activity;sid:82342733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.254.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479632/; classtype:trojan-activity;sid:82342732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.147.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479631/; classtype:trojan-activity;sid:82342731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.148.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479629/; classtype:trojan-activity;sid:82342729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.30.12.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479630/; classtype:trojan-activity;sid:82342730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.101.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479628/; classtype:trojan-activity;sid:82342728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.108.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479625/; classtype:trojan-activity;sid:82342725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.180.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479626/; classtype:trojan-activity;sid:82342726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.40.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479627/; classtype:trojan-activity;sid:82342727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.198.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479623/; classtype:trojan-activity;sid:82342723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.90.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479624/; classtype:trojan-activity;sid:82342724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.214.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479622/; classtype:trojan-activity;sid:82342722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.107.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479621/; classtype:trojan-activity;sid:82342721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.150.203.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479619/; classtype:trojan-activity;sid:82342719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.112.198.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479618/; classtype:trojan-activity;sid:82342718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.230.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479615/; classtype:trojan-activity;sid:82342715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.53.7.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479617/; classtype:trojan-activity;sid:82342717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.37.3.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479614/; classtype:trojan-activity;sid:82342714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.204.70.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479613/; classtype:trojan-activity;sid:82342713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.51.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479609/; classtype:trojan-activity;sid:82342709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.30.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479610/; classtype:trojan-activity;sid:82342710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.137.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479611/; classtype:trojan-activity;sid:82342711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.9.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479607/; classtype:trojan-activity;sid:82342707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.182.78.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479608/; classtype:trojan-activity;sid:82342708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.61.235.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479605/; classtype:trojan-activity;sid:82342705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.148.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479606/; classtype:trojan-activity;sid:82342706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.42.112"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479601/; classtype:trojan-activity;sid:82342701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.76.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479600/; classtype:trojan-activity;sid:82342700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.124.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479598/; classtype:trojan-activity;sid:82342698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.180.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479599/; classtype:trojan-activity;sid:82342699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.218.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479594/; classtype:trojan-activity;sid:82342694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.38.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479595/; classtype:trojan-activity;sid:82342695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.184.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479597/; classtype:trojan-activity;sid:82342697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.232.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479593/; classtype:trojan-activity;sid:82342693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.88.209.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479591/; classtype:trojan-activity;sid:82342691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.80.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479590/; classtype:trojan-activity;sid:82342690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.171.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479588/; classtype:trojan-activity;sid:82342688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.45.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479589/; classtype:trojan-activity;sid:82342689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.84.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479585/; classtype:trojan-activity;sid:82342685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.177.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479587/; classtype:trojan-activity;sid:82342687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.81.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479583/; classtype:trojan-activity;sid:82342683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.149.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479584/; classtype:trojan-activity;sid:82342684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.84.115.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479576/; classtype:trojan-activity;sid:82342676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.76.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479572/; classtype:trojan-activity;sid:82342672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.173.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479573/; classtype:trojan-activity;sid:82342673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.173.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479574/; classtype:trojan-activity;sid:82342674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.107.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479575/; classtype:trojan-activity;sid:82342675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479570)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.146.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479570/; classtype:trojan-activity;sid:82342670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.251.153.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479571/; classtype:trojan-activity;sid:82342671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.57.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479567/; classtype:trojan-activity;sid:82342667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.116.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479568/; classtype:trojan-activity;sid:82342668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.214.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479565/; classtype:trojan-activity;sid:82342665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.10.110.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479566/; classtype:trojan-activity;sid:82342666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.254.93.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479563/; classtype:trojan-activity;sid:82342663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.203.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479561/; classtype:trojan-activity;sid:82342661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.83.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479557/; classtype:trojan-activity;sid:82342657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.87.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479558/; classtype:trojan-activity;sid:82342658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.26.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479559/; classtype:trojan-activity;sid:82342659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.167.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479560/; classtype:trojan-activity;sid:82342660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.96.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479555/; classtype:trojan-activity;sid:82342655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.38.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479556/; classtype:trojan-activity;sid:82342656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.57.220.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479554/; classtype:trojan-activity;sid:82342654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.167.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479551/; classtype:trojan-activity;sid:82342651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.71.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479552/; classtype:trojan-activity;sid:82342652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.255.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479553/; classtype:trojan-activity;sid:82342653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.4.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479548/; classtype:trojan-activity;sid:82342648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.246.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479549/; classtype:trojan-activity;sid:82342649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.178.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479550/; classtype:trojan-activity;sid:82342650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.110.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479545/; classtype:trojan-activity;sid:82342645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.232.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479546/; classtype:trojan-activity;sid:82342646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.202.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479547/; classtype:trojan-activity;sid:82342647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.10.146.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479544/; classtype:trojan-activity;sid:82342644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.7.10.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479543/; classtype:trojan-activity;sid:82342643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.10.110.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479542/; classtype:trojan-activity;sid:82342642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.196.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479541/; classtype:trojan-activity;sid:82342641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.110.157.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479539/; classtype:trojan-activity;sid:82342639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.11.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479538/; classtype:trojan-activity;sid:82342638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.141.159.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479537/; classtype:trojan-activity;sid:82342637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.80.64.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479536/; classtype:trojan-activity;sid:82342636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.81.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479533/; classtype:trojan-activity;sid:82342633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.101.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479534/; classtype:trojan-activity;sid:82342634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.87.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479530/; classtype:trojan-activity;sid:82342630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.35.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479526/; classtype:trojan-activity;sid:82342626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.187.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479527/; classtype:trojan-activity;sid:82342627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.165.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479528/; classtype:trojan-activity;sid:82342628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.111.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479529/; classtype:trojan-activity;sid:82342629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.68.186.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479523/; classtype:trojan-activity;sid:82342623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.7.141.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479524/; classtype:trojan-activity;sid:82342624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.1.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479525/; classtype:trojan-activity;sid:82342625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.95.8.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479521/; classtype:trojan-activity;sid:82342621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.212.156.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479519/; classtype:trojan-activity;sid:82342619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.104.237.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479520/; classtype:trojan-activity;sid:82342620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.209.180.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479517/; classtype:trojan-activity;sid:82342617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479516)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.158.248.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479516/; classtype:trojan-activity;sid:82342616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479515)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.158.248.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479515/; classtype:trojan-activity;sid:82342615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479511)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.158.248.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479511/; classtype:trojan-activity;sid:82342611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479512)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.158.248.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479512/; classtype:trojan-activity;sid:82342612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479513)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.158.248.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479513/; classtype:trojan-activity;sid:82342613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479514)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.158.248.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479514/; classtype:trojan-activity;sid:82342614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.11.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479507/; classtype:trojan-activity;sid:82342607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.18.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479508/; classtype:trojan-activity;sid:82342608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.172.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479509/; classtype:trojan-activity;sid:82342609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.151.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479506/; classtype:trojan-activity;sid:82342606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.54.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479505/; classtype:trojan-activity;sid:82342605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.245.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479504/; classtype:trojan-activity;sid:82342604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.215.222.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479503/; classtype:trojan-activity;sid:82342603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.195.31.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479502/; classtype:trojan-activity;sid:82342602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.95.82.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479499/; classtype:trojan-activity;sid:82342599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.215.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479500/; classtype:trojan-activity;sid:82342600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.218.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479498/; classtype:trojan-activity;sid:82342598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.162.117.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479497/; classtype:trojan-activity;sid:82342597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479490)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.158.248.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479490/; classtype:trojan-activity;sid:82342590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479491)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.158.248.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479491/; classtype:trojan-activity;sid:82342591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479492)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.158.248.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479492/; classtype:trojan-activity;sid:82342592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479493)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.158.248.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479493/; classtype:trojan-activity;sid:82342593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479494)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.158.248.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479494/; classtype:trojan-activity;sid:82342594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479495)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.158.248.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479495/; classtype:trojan-activity;sid:82342595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479489)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.158.248.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479489/; classtype:trojan-activity;sid:82342589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.16.107.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479476/; classtype:trojan-activity;sid:82342576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.85.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479477/; classtype:trojan-activity;sid:82342577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.73.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479478/; classtype:trojan-activity;sid:82342578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479472)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.97.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479472/; classtype:trojan-activity;sid:82342572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479473)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.75.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479473/; classtype:trojan-activity;sid:82342573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.121.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479474/; classtype:trojan-activity;sid:82342574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.215.254.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479475/; classtype:trojan-activity;sid:82342575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.213.139.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479470/; classtype:trojan-activity;sid:82342570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.125.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479471/; classtype:trojan-activity;sid:82342571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.192.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479469/; classtype:trojan-activity;sid:82342569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.207.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479464/; classtype:trojan-activity;sid:82342564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.169.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479465/; classtype:trojan-activity;sid:82342565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479466)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.37.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479466/; classtype:trojan-activity;sid:82342566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.102.97.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479468/; classtype:trojan-activity;sid:82342568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479461)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.83.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479461/; classtype:trojan-activity;sid:82342561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.87.32.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479462/; classtype:trojan-activity;sid:82342562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.215.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479463/; classtype:trojan-activity;sid:82342563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.9.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479460/; classtype:trojan-activity;sid:82342560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479459)"; flow:established,from_client; content:"GET"; http_method; content:"/0x83911d24fx.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.158.248.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479459/; classtype:trojan-activity;sid:82342559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.58.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479456/; classtype:trojan-activity;sid:82342556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.206.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479457/; classtype:trojan-activity;sid:82342557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.26.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479454/; classtype:trojan-activity;sid:82342554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.240.154.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479455/; classtype:trojan-activity;sid:82342555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.62.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479453/; classtype:trojan-activity;sid:82342553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.235.72.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479452/; classtype:trojan-activity;sid:82342552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.165.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479450/; classtype:trojan-activity;sid:82342550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.71.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479451/; classtype:trojan-activity;sid:82342551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479446)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.174.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479446/; classtype:trojan-activity;sid:82342546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.213.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479448/; classtype:trojan-activity;sid:82342548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479444)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.208.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479444/; classtype:trojan-activity;sid:82342544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.122.105.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479445/; classtype:trojan-activity;sid:82342545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479443)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.147.88.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479443/; classtype:trojan-activity;sid:82342543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479442)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.167.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479442/; classtype:trojan-activity;sid:82342542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.110.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479440/; classtype:trojan-activity;sid:82342540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.10.146.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479439/; classtype:trojan-activity;sid:82342539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.173.226.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479438/; classtype:trojan-activity;sid:82342538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479436)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.149.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479436/; classtype:trojan-activity;sid:82342536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.238.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479433/; classtype:trojan-activity;sid:82342533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.176.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479434/; classtype:trojan-activity;sid:82342534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479435)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.73.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479435/; classtype:trojan-activity;sid:82342535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.88.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479430/; classtype:trojan-activity;sid:82342530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.211.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479432/; classtype:trojan-activity;sid:82342532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479429)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.116.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479429/; classtype:trojan-activity;sid:82342529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479427)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.138.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479427/; classtype:trojan-activity;sid:82342527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.59.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479428/; classtype:trojan-activity;sid:82342528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.124.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479425/; classtype:trojan-activity;sid:82342525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.41.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479426/; classtype:trojan-activity;sid:82342526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.185.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479424/; classtype:trojan-activity;sid:82342524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.209.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479423/; classtype:trojan-activity;sid:82342523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.211.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479422/; classtype:trojan-activity;sid:82342522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.110.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479420/; classtype:trojan-activity;sid:82342520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.122.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479419/; classtype:trojan-activity;sid:82342519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.90.191.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479418/; classtype:trojan-activity;sid:82342518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.30.192.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479417/; classtype:trojan-activity;sid:82342517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.4.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479416/; classtype:trojan-activity;sid:82342516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.12.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479414/; classtype:trojan-activity;sid:82342514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.100.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479413/; classtype:trojan-activity;sid:82342513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.87.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479412/; classtype:trojan-activity;sid:82342512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.36.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479411/; classtype:trojan-activity;sid:82342511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.38.114.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479410/; classtype:trojan-activity;sid:82342510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.73.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479409/; classtype:trojan-activity;sid:82342509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.27.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479407/; classtype:trojan-activity;sid:82342507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.46.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479406/; classtype:trojan-activity;sid:82342506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.164.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479405/; classtype:trojan-activity;sid:82342505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.24.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479404/; classtype:trojan-activity;sid:82342504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.211.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479403/; classtype:trojan-activity;sid:82342503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.188.115.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479401/; classtype:trojan-activity;sid:82342501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.10.146.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479399/; classtype:trojan-activity;sid:82342499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.170.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479398/; classtype:trojan-activity;sid:82342498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.88.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479396/; classtype:trojan-activity;sid:82342496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.9.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479392/; classtype:trojan-activity;sid:82342492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479393)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.109.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479393/; classtype:trojan-activity;sid:82342493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479395)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.209.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479395/; classtype:trojan-activity;sid:82342495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479390)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.143.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479390/; classtype:trojan-activity;sid:82342490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.129.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479391/; classtype:trojan-activity;sid:82342491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479387)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.128.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479387/; classtype:trojan-activity;sid:82342487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.253.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479388/; classtype:trojan-activity;sid:82342488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.216.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479389/; classtype:trojan-activity;sid:82342489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.154.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479384/; classtype:trojan-activity;sid:82342484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479385)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.44.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479385/; classtype:trojan-activity;sid:82342485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.205.220.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479383/; classtype:trojan-activity;sid:82342483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.83.32.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479382/; classtype:trojan-activity;sid:82342482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.170.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479381/; classtype:trojan-activity;sid:82342481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.199.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479380/; classtype:trojan-activity;sid:82342480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.65.138.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479379/; classtype:trojan-activity;sid:82342479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.36.49.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479378/; classtype:trojan-activity;sid:82342478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.224.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479377/; classtype:trojan-activity;sid:82342477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.70.84.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479376/; classtype:trojan-activity;sid:82342476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.78.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479373/; classtype:trojan-activity;sid:82342473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.148.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479374/; classtype:trojan-activity;sid:82342474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.17.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479370/; classtype:trojan-activity;sid:82342470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.113.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479369/; classtype:trojan-activity;sid:82342469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.7.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479368/; classtype:trojan-activity;sid:82342468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.0.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479367/; classtype:trojan-activity;sid:82342467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.211.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479364/; classtype:trojan-activity;sid:82342464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.250.3.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479365/; classtype:trojan-activity;sid:82342465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.134.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479366/; classtype:trojan-activity;sid:82342466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.89.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479362/; classtype:trojan-activity;sid:82342462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.175.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479363/; classtype:trojan-activity;sid:82342463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.21.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479359/; classtype:trojan-activity;sid:82342459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.112.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479358/; classtype:trojan-activity;sid:82342458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.71.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479357/; classtype:trojan-activity;sid:82342457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479356)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.133.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479356/; classtype:trojan-activity;sid:82342456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.246.222.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479355/; classtype:trojan-activity;sid:82342455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479354)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.27.118.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479354/; classtype:trojan-activity;sid:82342454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479352)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.42.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479352/; classtype:trojan-activity;sid:82342452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.108.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479351/; classtype:trojan-activity;sid:82342451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.71.11.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479349/; classtype:trojan-activity;sid:82342449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.182.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479348/; classtype:trojan-activity;sid:82342448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.163.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479347/; classtype:trojan-activity;sid:82342447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.208.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479345/; classtype:trojan-activity;sid:82342445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.238.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479346/; classtype:trojan-activity;sid:82342446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.105.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479341/; classtype:trojan-activity;sid:82342441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.239.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479342/; classtype:trojan-activity;sid:82342442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.214.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479343/; classtype:trojan-activity;sid:82342443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.43.32.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479338/; classtype:trojan-activity;sid:82342438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.87.202.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479336/; classtype:trojan-activity;sid:82342436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.237.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479335/; classtype:trojan-activity;sid:82342435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479334)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.194.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479334/; classtype:trojan-activity;sid:82342434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.122.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479333/; classtype:trojan-activity;sid:82342433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.62.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479332/; classtype:trojan-activity;sid:82342432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.151.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479329/; classtype:trojan-activity;sid:82342429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.35.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479327/; classtype:trojan-activity;sid:82342427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.209.51.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479326/; classtype:trojan-activity;sid:82342426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.255.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479323/; classtype:trojan-activity;sid:82342423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.94.47"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479324/; classtype:trojan-activity;sid:82342424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.216.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479325/; classtype:trojan-activity;sid:82342425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.9.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479322/; classtype:trojan-activity;sid:82342422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.167.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479316/; classtype:trojan-activity;sid:82342416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.237.2.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479315/; classtype:trojan-activity;sid:82342415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.216.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479312/; classtype:trojan-activity;sid:82342412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.159.208.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479313/; classtype:trojan-activity;sid:82342413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.143.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479314/; classtype:trojan-activity;sid:82342414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.211.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479311/; classtype:trojan-activity;sid:82342411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.26.85.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479310/; classtype:trojan-activity;sid:82342410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.16.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479308/; classtype:trojan-activity;sid:82342408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.10.147.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479307/; classtype:trojan-activity;sid:82342407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.92.244.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479305/; classtype:trojan-activity;sid:82342405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.237.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479306/; classtype:trojan-activity;sid:82342406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.23.170.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479304/; classtype:trojan-activity;sid:82342404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.236.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479303/; classtype:trojan-activity;sid:82342403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.42.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479300/; classtype:trojan-activity;sid:82342400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.197.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479301/; classtype:trojan-activity;sid:82342401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.164.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_25; reference:url, urlhaus.abuse.ch/url/1479299/; classtype:trojan-activity;sid:82342399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.232.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479298/; classtype:trojan-activity;sid:82342398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.82.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479295/; classtype:trojan-activity;sid:82342395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.173.194.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479296/; classtype:trojan-activity;sid:82342396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.31.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479297/; classtype:trojan-activity;sid:82342397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.171.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479294/; classtype:trojan-activity;sid:82342394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.74.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479290/; classtype:trojan-activity;sid:82342390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.67.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479291/; classtype:trojan-activity;sid:82342391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.225.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479292/; classtype:trojan-activity;sid:82342392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.214.226.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479293/; classtype:trojan-activity;sid:82342393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.65.28.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479289/; classtype:trojan-activity;sid:82342389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.188.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479288/; classtype:trojan-activity;sid:82342388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.94.61.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479287/; classtype:trojan-activity;sid:82342387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.235.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479286/; classtype:trojan-activity;sid:82342386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.182.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479285/; classtype:trojan-activity;sid:82342385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.89.126.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479284/; classtype:trojan-activity;sid:82342384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.182.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479283/; classtype:trojan-activity;sid:82342383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.53.145.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479281/; classtype:trojan-activity;sid:82342381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.95.9.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479282/; classtype:trojan-activity;sid:82342382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.174.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479280/; classtype:trojan-activity;sid:82342380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.233.221.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479279/; classtype:trojan-activity;sid:82342379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.196.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479278/; classtype:trojan-activity;sid:82342378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.88.66.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479277/; classtype:trojan-activity;sid:82342377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479276)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"195.133.40.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479276/; classtype:trojan-activity;sid:82342376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.186.102.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479275/; classtype:trojan-activity;sid:82342375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.58.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479274/; classtype:trojan-activity;sid:82342374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479273)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.190.91.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479273/; classtype:trojan-activity;sid:82342373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.83.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479271/; classtype:trojan-activity;sid:82342371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.188.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479272/; classtype:trojan-activity;sid:82342372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479270)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.146.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479270/; classtype:trojan-activity;sid:82342370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.188.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479268/; classtype:trojan-activity;sid:82342368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.199.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479269/; classtype:trojan-activity;sid:82342369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.166.7.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479267/; classtype:trojan-activity;sid:82342367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.197.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479263/; classtype:trojan-activity;sid:82342363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.79.220.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479264/; classtype:trojan-activity;sid:82342364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.88.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479265/; classtype:trojan-activity;sid:82342365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.190.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479266/; classtype:trojan-activity;sid:82342366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.167.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479262/; classtype:trojan-activity;sid:82342362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.9.154.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479261/; classtype:trojan-activity;sid:82342361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.234.169.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479260/; classtype:trojan-activity;sid:82342360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.179.197.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479259/; classtype:trojan-activity;sid:82342359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.32.186.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479258/; classtype:trojan-activity;sid:82342358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.120.18.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479257/; classtype:trojan-activity;sid:82342357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.156.205.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479256/; classtype:trojan-activity;sid:82342356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.53.145.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479255/; classtype:trojan-activity;sid:82342355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.114.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479253/; classtype:trojan-activity;sid:82342353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.228.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479254/; classtype:trojan-activity;sid:82342354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.86.21.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479251/; classtype:trojan-activity;sid:82342351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.86.18.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479252/; classtype:trojan-activity;sid:82342352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.86.5.239"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479250/; classtype:trojan-activity;sid:82342350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.5.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479249/; classtype:trojan-activity;sid:82342349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.116.223.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479248/; classtype:trojan-activity;sid:82342348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.114.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479247/; classtype:trojan-activity;sid:82342347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.95.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479246/; classtype:trojan-activity;sid:82342346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.196.104.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479245/; classtype:trojan-activity;sid:82342345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.74.22.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479242/; classtype:trojan-activity;sid:82342342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.193.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479243/; classtype:trojan-activity;sid:82342343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.168.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479244/; classtype:trojan-activity;sid:82342344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.121.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479240/; classtype:trojan-activity;sid:82342340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.179.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479241/; classtype:trojan-activity;sid:82342341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.145.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479239/; classtype:trojan-activity;sid:82342339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.122.112.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479238/; classtype:trojan-activity;sid:82342338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.120.18.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479237/; classtype:trojan-activity;sid:82342337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.38.68.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479235/; classtype:trojan-activity;sid:82342335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.41.130"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479236/; classtype:trojan-activity;sid:82342336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.122.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479233/; classtype:trojan-activity;sid:82342333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.101.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479234/; classtype:trojan-activity;sid:82342334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.26.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479229/; classtype:trojan-activity;sid:82342329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.172.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479230/; classtype:trojan-activity;sid:82342330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479231)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.176.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479231/; classtype:trojan-activity;sid:82342331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479232)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.102.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479232/; classtype:trojan-activity;sid:82342332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479228)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.97.138.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479228/; classtype:trojan-activity;sid:82342328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.207.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479227/; classtype:trojan-activity;sid:82342327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.165.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479226/; classtype:trojan-activity;sid:82342326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.59.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479225/; classtype:trojan-activity;sid:82342325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479224)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.78.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479224/; classtype:trojan-activity;sid:82342324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479222)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"195.133.40.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479222/; classtype:trojan-activity;sid:82342322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479223)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"195.133.40.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479223/; classtype:trojan-activity;sid:82342323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479221)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"195.133.40.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479221/; classtype:trojan-activity;sid:82342321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479218)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"195.133.40.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479218/; classtype:trojan-activity;sid:82342318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479219)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"195.133.40.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479219/; classtype:trojan-activity;sid:82342319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479220)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"195.133.40.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479220/; classtype:trojan-activity;sid:82342320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479216)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"195.133.40.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479216/; classtype:trojan-activity;sid:82342316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479217)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"195.133.40.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479217/; classtype:trojan-activity;sid:82342317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479214)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"195.133.40.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479214/; classtype:trojan-activity;sid:82342314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479215)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"195.133.40.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479215/; classtype:trojan-activity;sid:82342315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.53.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479213/; classtype:trojan-activity;sid:82342313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.197.29.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479212/; classtype:trojan-activity;sid:82342312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.26.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479208/; classtype:trojan-activity;sid:82342308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.176.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479209/; classtype:trojan-activity;sid:82342309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.124.88.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479210/; classtype:trojan-activity;sid:82342310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.152.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479211/; classtype:trojan-activity;sid:82342311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.104.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479207/; classtype:trojan-activity;sid:82342307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.204.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479206/; classtype:trojan-activity;sid:82342306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.104.43.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479205/; classtype:trojan-activity;sid:82342305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479204)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479204/; classtype:trojan-activity;sid:82342304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479203)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.243.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479203/; classtype:trojan-activity;sid:82342303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.230.43.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479202/; classtype:trojan-activity;sid:82342302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479200)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.254.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479200/; classtype:trojan-activity;sid:82342300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.166.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479201/; classtype:trojan-activity;sid:82342301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.202.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479198/; classtype:trojan-activity;sid:82342298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.203.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479199/; classtype:trojan-activity;sid:82342299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.81.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479197/; classtype:trojan-activity;sid:82342297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.85.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479195/; classtype:trojan-activity;sid:82342295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.165.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479196/; classtype:trojan-activity;sid:82342296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.91.245.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479194/; classtype:trojan-activity;sid:82342294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.166.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479192/; classtype:trojan-activity;sid:82342292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.133.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479193/; classtype:trojan-activity;sid:82342293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.122.112.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479191/; classtype:trojan-activity;sid:82342291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.6.157.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479190/; classtype:trojan-activity;sid:82342290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.184.148.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479189/; classtype:trojan-activity;sid:82342289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.121.129.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479188/; classtype:trojan-activity;sid:82342288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.32.186.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479187/; classtype:trojan-activity;sid:82342287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479186)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.211.242.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479186/; classtype:trojan-activity;sid:82342286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.135.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479185/; classtype:trojan-activity;sid:82342285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.42.207.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479182/; classtype:trojan-activity;sid:82342282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.117.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479183/; classtype:trojan-activity;sid:82342283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.180.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479184/; classtype:trojan-activity;sid:82342284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.38.140.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479180/; classtype:trojan-activity;sid:82342280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.18.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479181/; classtype:trojan-activity;sid:82342281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.244.193.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479179/; classtype:trojan-activity;sid:82342279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.192.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479178/; classtype:trojan-activity;sid:82342278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.131.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479177/; classtype:trojan-activity;sid:82342277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.26.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479176/; classtype:trojan-activity;sid:82342276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.187.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479175/; classtype:trojan-activity;sid:82342275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.210.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479172/; classtype:trojan-activity;sid:82342272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.0.49.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479173/; classtype:trojan-activity;sid:82342273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.172.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479174/; classtype:trojan-activity;sid:82342274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.57.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479171/; classtype:trojan-activity;sid:82342271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.201.20.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479170/; classtype:trojan-activity;sid:82342270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479169)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.108.235.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479169/; classtype:trojan-activity;sid:82342269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.148.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479167/; classtype:trojan-activity;sid:82342267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.108.62.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479168/; classtype:trojan-activity;sid:82342268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.204.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479166/; classtype:trojan-activity;sid:82342266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.45.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479163/; classtype:trojan-activity;sid:82342263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.17.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479164/; classtype:trojan-activity;sid:82342264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.26.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479165/; classtype:trojan-activity;sid:82342265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.29.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479161/; classtype:trojan-activity;sid:82342261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.168.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479162/; classtype:trojan-activity;sid:82342262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.47.120.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479160/; classtype:trojan-activity;sid:82342260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.19.71"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479159/; classtype:trojan-activity;sid:82342259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.158.158.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479157/; classtype:trojan-activity;sid:82342257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.185.131.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479158/; classtype:trojan-activity;sid:82342258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479156)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.21.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479156/; classtype:trojan-activity;sid:82342256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.253.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479155/; classtype:trojan-activity;sid:82342255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.116.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479154/; classtype:trojan-activity;sid:82342254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.0.38.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479153/; classtype:trojan-activity;sid:82342253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.92.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479151/; classtype:trojan-activity;sid:82342251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.172.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479152/; classtype:trojan-activity;sid:82342252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479149)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.21.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479149/; classtype:trojan-activity;sid:82342249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.252.246.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479150/; classtype:trojan-activity;sid:82342250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.45.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479148/; classtype:trojan-activity;sid:82342248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.238.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479146/; classtype:trojan-activity;sid:82342246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479147)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.174.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479147/; classtype:trojan-activity;sid:82342247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.255.192.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479145/; classtype:trojan-activity;sid:82342245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.169.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479144/; classtype:trojan-activity;sid:82342244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.208.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479143/; classtype:trojan-activity;sid:82342243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.39.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479142/; classtype:trojan-activity;sid:82342242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.97.143.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479141/; classtype:trojan-activity;sid:82342241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.89.40.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479140/; classtype:trojan-activity;sid:82342240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.243.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479139/; classtype:trojan-activity;sid:82342239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.250.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479138/; classtype:trojan-activity;sid:82342238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.171.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479134/; classtype:trojan-activity;sid:82342234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.35.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479135/; classtype:trojan-activity;sid:82342235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.78.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479136/; classtype:trojan-activity;sid:82342236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.88.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479137/; classtype:trojan-activity;sid:82342237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.224.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479133/; classtype:trojan-activity;sid:82342233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.196.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479132/; classtype:trojan-activity;sid:82342232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.238.141.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479131/; classtype:trojan-activity;sid:82342231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.187.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479130/; classtype:trojan-activity;sid:82342230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.238.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479127/; classtype:trojan-activity;sid:82342227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.206.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479128/; classtype:trojan-activity;sid:82342228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.220.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479129/; classtype:trojan-activity;sid:82342229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.255.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479126/; classtype:trojan-activity;sid:82342226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.18.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479125/; classtype:trojan-activity;sid:82342225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.233.65.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479124/; classtype:trojan-activity;sid:82342224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.96.3.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479123/; classtype:trojan-activity;sid:82342223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.88.211.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479122/; classtype:trojan-activity;sid:82342222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.96.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479121/; classtype:trojan-activity;sid:82342221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.202.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479120/; classtype:trojan-activity;sid:82342220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.74.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479119/; classtype:trojan-activity;sid:82342219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.82.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479118/; classtype:trojan-activity;sid:82342218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.15.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479116/; classtype:trojan-activity;sid:82342216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.86.19.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479117/; classtype:trojan-activity;sid:82342217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.219.126.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479115/; classtype:trojan-activity;sid:82342215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.122.112.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479113/; classtype:trojan-activity;sid:82342213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479114/; classtype:trojan-activity;sid:82342214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.83.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479112/; classtype:trojan-activity;sid:82342212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.0.38.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479111/; classtype:trojan-activity;sid:82342211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.39.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479110/; classtype:trojan-activity;sid:82342210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.41.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479109/; classtype:trojan-activity;sid:82342209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.171.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479107/; classtype:trojan-activity;sid:82342207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.169.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479108/; classtype:trojan-activity;sid:82342208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.105.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479106/; classtype:trojan-activity;sid:82342206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.172.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479105/; classtype:trojan-activity;sid:82342205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.2.163.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479104/; classtype:trojan-activity;sid:82342204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.87.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479103/; classtype:trojan-activity;sid:82342203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.82.146.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479101/; classtype:trojan-activity;sid:82342201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.107.113.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479102/; classtype:trojan-activity;sid:82342202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.59.207.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479100/; classtype:trojan-activity;sid:82342200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.78.116.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479098/; classtype:trojan-activity;sid:82342198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.183.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479099/; classtype:trojan-activity;sid:82342199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.253.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479097/; classtype:trojan-activity;sid:82342197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.74.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479095/; classtype:trojan-activity;sid:82342195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.194.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479096/; classtype:trojan-activity;sid:82342196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.97.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479093/; classtype:trojan-activity;sid:82342193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.104.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479094/; classtype:trojan-activity;sid:82342194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.38.143.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479092/; classtype:trojan-activity;sid:82342192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.122.112.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479091/; classtype:trojan-activity;sid:82342191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.38.71.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479088/; classtype:trojan-activity;sid:82342188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.20.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479089/; classtype:trojan-activity;sid:82342189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.187.251.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479090/; classtype:trojan-activity;sid:82342190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.255.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479087/; classtype:trojan-activity;sid:82342187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.96.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479086/; classtype:trojan-activity;sid:82342186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.99.223.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479085/; classtype:trojan-activity;sid:82342185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.87.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479084/; classtype:trojan-activity;sid:82342184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.197.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479083/; classtype:trojan-activity;sid:82342183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.139.32.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479082/; classtype:trojan-activity;sid:82342182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.159.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479081/; classtype:trojan-activity;sid:82342181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479079)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.45.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479079/; classtype:trojan-activity;sid:82342179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.210.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479080/; classtype:trojan-activity;sid:82342180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.34.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479077/; classtype:trojan-activity;sid:82342177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.209.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479078/; classtype:trojan-activity;sid:82342178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.223.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479074/; classtype:trojan-activity;sid:82342174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479075)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.193.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479075/; classtype:trojan-activity;sid:82342175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.168.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479076/; classtype:trojan-activity;sid:82342176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.95.82.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479073/; classtype:trojan-activity;sid:82342173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.179.197.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479072/; classtype:trojan-activity;sid:82342172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479071)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"37.0.8.192"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479071/; classtype:trojan-activity;sid:82342171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.45.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479070/; classtype:trojan-activity;sid:82342170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"97.127.164.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479069/; classtype:trojan-activity;sid:82342169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.193.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479068/; classtype:trojan-activity;sid:82342168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.224.171.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479067/; classtype:trojan-activity;sid:82342167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.17.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479065/; classtype:trojan-activity;sid:82342165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.0.208.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479066/; classtype:trojan-activity;sid:82342166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.17.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479061/; classtype:trojan-activity;sid:82342161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.57.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479062/; classtype:trojan-activity;sid:82342162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.79.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479063/; classtype:trojan-activity;sid:82342163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.255.226.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479064/; classtype:trojan-activity;sid:82342164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.43.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479060/; classtype:trojan-activity;sid:82342160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.101.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479058/; classtype:trojan-activity;sid:82342158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.52.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479059/; classtype:trojan-activity;sid:82342159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.30.1.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479057/; classtype:trojan-activity;sid:82342157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.42.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479056/; classtype:trojan-activity;sid:82342156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.238.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479055/; classtype:trojan-activity;sid:82342155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.121.255.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479054/; classtype:trojan-activity;sid:82342154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.68.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479053/; classtype:trojan-activity;sid:82342153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.79.4.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479052/; classtype:trojan-activity;sid:82342152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.234.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479051/; classtype:trojan-activity;sid:82342151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.137.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479050/; classtype:trojan-activity;sid:82342150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.134.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479048/; classtype:trojan-activity;sid:82342148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.87.253.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479049/; classtype:trojan-activity;sid:82342149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.123.169.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479047/; classtype:trojan-activity;sid:82342147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.241.119.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479046/; classtype:trojan-activity;sid:82342146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.66.67.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479045/; classtype:trojan-activity;sid:82342145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.29.92.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479044/; classtype:trojan-activity;sid:82342144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.141.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479043/; classtype:trojan-activity;sid:82342143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.44.70.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479042/; classtype:trojan-activity;sid:82342142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.115.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479041/; classtype:trojan-activity;sid:82342141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.108.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479040/; classtype:trojan-activity;sid:82342140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.136.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479038/; classtype:trojan-activity;sid:82342138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.238.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479039/; classtype:trojan-activity;sid:82342139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.61.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479037/; classtype:trojan-activity;sid:82342137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.190.238.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479035/; classtype:trojan-activity;sid:82342135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.12.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479036/; classtype:trojan-activity;sid:82342136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.159.115.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479034/; classtype:trojan-activity;sid:82342134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.36.166.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479033/; classtype:trojan-activity;sid:82342133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.249.21.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479032/; classtype:trojan-activity;sid:82342132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.182.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479031/; classtype:trojan-activity;sid:82342131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.16.26.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479030/; classtype:trojan-activity;sid:82342130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.175.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479029/; classtype:trojan-activity;sid:82342129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.164.139.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479027/; classtype:trojan-activity;sid:82342127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.51.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479028/; classtype:trojan-activity;sid:82342128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.76.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479024/; classtype:trojan-activity;sid:82342124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.28.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479025/; classtype:trojan-activity;sid:82342125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.106.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479026/; classtype:trojan-activity;sid:82342126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.169.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479023/; classtype:trojan-activity;sid:82342123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.122.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479018/; classtype:trojan-activity;sid:82342118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.112.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479019/; classtype:trojan-activity;sid:82342119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.190.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479020/; classtype:trojan-activity;sid:82342120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.175.120.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479021/; classtype:trojan-activity;sid:82342121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.73.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479022/; classtype:trojan-activity;sid:82342122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.252.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479017/; classtype:trojan-activity;sid:82342117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479016)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.36.43.218"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479016/; classtype:trojan-activity;sid:82342116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479015)"; flow:established,from_client; content:"GET"; http_method; content:"/download/pl_installer.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"predatorcarry.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479015/; classtype:trojan-activity;sid:82342115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.98.239.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479014/; classtype:trojan-activity;sid:82342114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479013)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.28.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479013/; classtype:trojan-activity;sid:82342113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.141.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479012/; classtype:trojan-activity;sid:82342112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.197.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479010/; classtype:trojan-activity;sid:82342110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.20.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479011/; classtype:trojan-activity;sid:82342111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.241.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479006/; classtype:trojan-activity;sid:82342106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.102.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479007/; classtype:trojan-activity;sid:82342107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.82.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479008/; classtype:trojan-activity;sid:82342108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.121.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479009/; classtype:trojan-activity;sid:82342109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.114.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479005/; classtype:trojan-activity;sid:82342105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.190.238.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479003/; classtype:trojan-activity;sid:82342103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.178.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479004/; classtype:trojan-activity;sid:82342104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.219.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479001/; classtype:trojan-activity;sid:82342101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.196.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479002/; classtype:trojan-activity;sid:82342102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.49.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478999/; classtype:trojan-activity;sid:82342099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1479000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.154.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1479000/; classtype:trojan-activity;sid:82342100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478997)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.186.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478997/; classtype:trojan-activity;sid:82342097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.51.132.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478998/; classtype:trojan-activity;sid:82342098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.71.195.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478996/; classtype:trojan-activity;sid:82342096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478995)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"195.133.40.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478995/; classtype:trojan-activity;sid:82342095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478994)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"199.195.253.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478994/; classtype:trojan-activity;sid:82342094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.102.41.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478993/; classtype:trojan-activity;sid:82342093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.61.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478992/; classtype:trojan-activity;sid:82342092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.143.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478991/; classtype:trojan-activity;sid:82342091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.168.142.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478990/; classtype:trojan-activity;sid:82342090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.177.78.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478988/; classtype:trojan-activity;sid:82342088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.146.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478989/; classtype:trojan-activity;sid:82342089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"69.117.26.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478987/; classtype:trojan-activity;sid:82342087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.165.129.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478986/; classtype:trojan-activity;sid:82342086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.49.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478984/; classtype:trojan-activity;sid:82342084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.47.77.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478985/; classtype:trojan-activity;sid:82342085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.112.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478983/; classtype:trojan-activity;sid:82342083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.112.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478982/; classtype:trojan-activity;sid:82342082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.197.30.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478981/; classtype:trojan-activity;sid:82342081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.221.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478980/; classtype:trojan-activity;sid:82342080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.196.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478979/; classtype:trojan-activity;sid:82342079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.190.106.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478978/; classtype:trojan-activity;sid:82342078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.169.12.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478977/; classtype:trojan-activity;sid:82342077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.216.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478974/; classtype:trojan-activity;sid:82342074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.0.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478975/; classtype:trojan-activity;sid:82342075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.144.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478976/; classtype:trojan-activity;sid:82342076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.119.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478971/; classtype:trojan-activity;sid:82342071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.25.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478972/; classtype:trojan-activity;sid:82342072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.235.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478973/; classtype:trojan-activity;sid:82342073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.167.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478970/; classtype:trojan-activity;sid:82342070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.211.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478969/; classtype:trojan-activity;sid:82342069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.99.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478968/; classtype:trojan-activity;sid:82342068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.180.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478967/; classtype:trojan-activity;sid:82342067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.102.41.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478966/; classtype:trojan-activity;sid:82342066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.61.102.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478965/; classtype:trojan-activity;sid:82342065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"68.198.130.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478964/; classtype:trojan-activity;sid:82342064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.110.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478963/; classtype:trojan-activity;sid:82342063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478962)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"37.0.8.192"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478962/; classtype:trojan-activity;sid:82342062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478961)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"37.0.8.192"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478961/; classtype:trojan-activity;sid:82342061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.231.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478959/; classtype:trojan-activity;sid:82342059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478960)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"37.0.8.192"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478960/; classtype:trojan-activity;sid:82342060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.164.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478957/; classtype:trojan-activity;sid:82342057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478958)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"37.0.8.192"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478958/; classtype:trojan-activity;sid:82342058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.196.132.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478955/; classtype:trojan-activity;sid:82342055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478956)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"37.0.8.192"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478956/; classtype:trojan-activity;sid:82342056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478953)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"37.0.8.192"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478953/; classtype:trojan-activity;sid:82342053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478954)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"37.0.8.192"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478954/; classtype:trojan-activity;sid:82342054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478951)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"37.0.8.192"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478951/; classtype:trojan-activity;sid:82342051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.26.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478952/; classtype:trojan-activity;sid:82342052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.102.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478949/; classtype:trojan-activity;sid:82342049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478950)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"37.0.8.192"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478950/; classtype:trojan-activity;sid:82342050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.190.106.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478948/; classtype:trojan-activity;sid:82342048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.195.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478946/; classtype:trojan-activity;sid:82342046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.149.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478947/; classtype:trojan-activity;sid:82342047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.75.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478945/; classtype:trojan-activity;sid:82342045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478944)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"37.0.8.192"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478944/; classtype:trojan-activity;sid:82342044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.15.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478943/; classtype:trojan-activity;sid:82342043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.172.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478942/; classtype:trojan-activity;sid:82342042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.237.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478941/; classtype:trojan-activity;sid:82342041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.224.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478938/; classtype:trojan-activity;sid:82342038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.164.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478939/; classtype:trojan-activity;sid:82342039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.136.113.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478940/; classtype:trojan-activity;sid:82342040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.255.108.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478937/; classtype:trojan-activity;sid:82342037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.240.227.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478936/; classtype:trojan-activity;sid:82342036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.25.158.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478935/; classtype:trojan-activity;sid:82342035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.233.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478933/; classtype:trojan-activity;sid:82342033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.30.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478934/; classtype:trojan-activity;sid:82342034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.194.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478931/; classtype:trojan-activity;sid:82342031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.193.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478932/; classtype:trojan-activity;sid:82342032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.89.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478930/; classtype:trojan-activity;sid:82342030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.182.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478929/; classtype:trojan-activity;sid:82342029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.231.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478927/; classtype:trojan-activity;sid:82342027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478928)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.173.122.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478928/; classtype:trojan-activity;sid:82342028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.61.102.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478926/; classtype:trojan-activity;sid:82342026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.168.196.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478925/; classtype:trojan-activity;sid:82342025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.208.22.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478923/; classtype:trojan-activity;sid:82342023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.163.189.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478924/; classtype:trojan-activity;sid:82342024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.9.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478922/; classtype:trojan-activity;sid:82342022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.199.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478920/; classtype:trojan-activity;sid:82342020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.246.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478921/; classtype:trojan-activity;sid:82342021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.166.189.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478919/; classtype:trojan-activity;sid:82342019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.47.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478918/; classtype:trojan-activity;sid:82342018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.230.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478917/; classtype:trojan-activity;sid:82342017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478916)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"199.195.253.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478916/; classtype:trojan-activity;sid:82342016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478913)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"199.195.253.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478913/; classtype:trojan-activity;sid:82342013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478914)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"199.195.253.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478914/; classtype:trojan-activity;sid:82342014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478915)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"199.195.253.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478915/; classtype:trojan-activity;sid:82342015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478912)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"199.195.253.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478912/; classtype:trojan-activity;sid:82342012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478907)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"199.195.253.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478907/; classtype:trojan-activity;sid:82342007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478908)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"199.195.253.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478908/; classtype:trojan-activity;sid:82342008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478909)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"199.195.253.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478909/; classtype:trojan-activity;sid:82342009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478910)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"199.195.253.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478910/; classtype:trojan-activity;sid:82342010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.100.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478911/; classtype:trojan-activity;sid:82342011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.177.24.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478906/; classtype:trojan-activity;sid:82342006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.198.130.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478905/; classtype:trojan-activity;sid:82342005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.148.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478904/; classtype:trojan-activity;sid:82342004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478903)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.199.0.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478903/; classtype:trojan-activity;sid:82342003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.27.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478901/; classtype:trojan-activity;sid:82342001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.85.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478902/; classtype:trojan-activity;sid:82342002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.76.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478898/; classtype:trojan-activity;sid:82341998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.207.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478899/; classtype:trojan-activity;sid:82341999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.97.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478900/; classtype:trojan-activity;sid:82342000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.217.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478897/; classtype:trojan-activity;sid:82341997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.211.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478896/; classtype:trojan-activity;sid:82341996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.48.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478895/; classtype:trojan-activity;sid:82341995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.25.133.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478894/; classtype:trojan-activity;sid:82341994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.254.85.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478893/; classtype:trojan-activity;sid:82341993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.251.187.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478892/; classtype:trojan-activity;sid:82341992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.10.147.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478891/; classtype:trojan-activity;sid:82341991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.182.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478890/; classtype:trojan-activity;sid:82341990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.70.84.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478889/; classtype:trojan-activity;sid:82341989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.24.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478888/; classtype:trojan-activity;sid:82341988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478887)"; flow:established,from_client; content:"GET"; http_method; content:"/ww/p4glorysetp.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"37.0.11.8"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478887/; classtype:trojan-activity;sid:82341987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.203.98.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478886/; classtype:trojan-activity;sid:82341986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.252.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478885/; classtype:trojan-activity;sid:82341985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.92.217.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478884/; classtype:trojan-activity;sid:82341984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.219.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478883/; classtype:trojan-activity;sid:82341983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.198.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478882/; classtype:trojan-activity;sid:82341982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.73.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478881/; classtype:trojan-activity;sid:82341981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.185.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478880/; classtype:trojan-activity;sid:82341980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.98.35.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478879/; classtype:trojan-activity;sid:82341979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.79.114.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478877/; classtype:trojan-activity;sid:82341977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.166.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478878/; classtype:trojan-activity;sid:82341978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.110.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478876/; classtype:trojan-activity;sid:82341976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.25.78.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478875/; classtype:trojan-activity;sid:82341975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.207.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478874/; classtype:trojan-activity;sid:82341974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.55.32.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478873/; classtype:trojan-activity;sid:82341973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.44.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478872/; classtype:trojan-activity;sid:82341972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.129.60.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478871/; classtype:trojan-activity;sid:82341971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.75.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478868/; classtype:trojan-activity;sid:82341968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.44.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478869/; classtype:trojan-activity;sid:82341969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.101.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478870/; classtype:trojan-activity;sid:82341970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.162.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478867/; classtype:trojan-activity;sid:82341967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.7.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478864/; classtype:trojan-activity;sid:82341964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.117.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478865/; classtype:trojan-activity;sid:82341965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.121.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478866/; classtype:trojan-activity;sid:82341966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.147.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478863/; classtype:trojan-activity;sid:82341963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.55.44.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478862/; classtype:trojan-activity;sid:82341962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.226.140.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478861/; classtype:trojan-activity;sid:82341961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.34.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478859/; classtype:trojan-activity;sid:82341959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.238.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478860/; classtype:trojan-activity;sid:82341960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.170.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478858/; classtype:trojan-activity;sid:82341958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.54.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478857/; classtype:trojan-activity;sid:82341957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.205.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478856/; classtype:trojan-activity;sid:82341956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.4.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478855/; classtype:trojan-activity;sid:82341955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.0.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478854/; classtype:trojan-activity;sid:82341954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.155.194.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478853/; classtype:trojan-activity;sid:82341953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.76.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478852/; classtype:trojan-activity;sid:82341952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.203.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478851/; classtype:trojan-activity;sid:82341951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.32.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478850/; classtype:trojan-activity;sid:82341950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.26.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478849/; classtype:trojan-activity;sid:82341949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.3.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478847/; classtype:trojan-activity;sid:82341947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.99.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478848/; classtype:trojan-activity;sid:82341948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.75.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478844/; classtype:trojan-activity;sid:82341944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.162.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478845/; classtype:trojan-activity;sid:82341945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.106.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478846/; classtype:trojan-activity;sid:82341946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.83.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478842/; classtype:trojan-activity;sid:82341942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.190.91.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478843/; classtype:trojan-activity;sid:82341943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.25.78.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478841/; classtype:trojan-activity;sid:82341941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478839)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.50.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478839/; classtype:trojan-activity;sid:82341939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478840)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.22.234.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478840/; classtype:trojan-activity;sid:82341940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.74.135.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478837/; classtype:trojan-activity;sid:82341937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.219.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478838/; classtype:trojan-activity;sid:82341938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.174.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478836/; classtype:trojan-activity;sid:82341936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.224.224.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478834/; classtype:trojan-activity;sid:82341934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.81.104.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478835/; classtype:trojan-activity;sid:82341935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.26.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478832/; classtype:trojan-activity;sid:82341932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.45.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478833/; classtype:trojan-activity;sid:82341933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.20.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478831/; classtype:trojan-activity;sid:82341931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.216.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478830/; classtype:trojan-activity;sid:82341930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.76.118.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478829/; classtype:trojan-activity;sid:82341929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.55.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478828/; classtype:trojan-activity;sid:82341928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478826)"; flow:established,from_client; content:"GET"; http_method; content:"/usa/moet.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"37.0.11.8"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478826/; classtype:trojan-activity;sid:82341926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478827)"; flow:established,from_client; content:"GET"; http_method; content:"/usa/ghazals.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"37.0.11.8"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478827/; classtype:trojan-activity;sid:82341927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.169.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478825/; classtype:trojan-activity;sid:82341925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478824)"; flow:established,from_client; content:"GET"; http_method; content:"/usa/netframework.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"37.0.11.8"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478824/; classtype:trojan-activity;sid:82341924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.55.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478823/; classtype:trojan-activity;sid:82341923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478822)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"195.133.40.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478822/; classtype:trojan-activity;sid:82341922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478821)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"195.133.40.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478821/; classtype:trojan-activity;sid:82341921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.133.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478819/; classtype:trojan-activity;sid:82341919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.21.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478820/; classtype:trojan-activity;sid:82341920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478818)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"195.133.40.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478818/; classtype:trojan-activity;sid:82341918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478815)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"195.133.40.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478815/; classtype:trojan-activity;sid:82341915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478816)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"195.133.40.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478816/; classtype:trojan-activity;sid:82341916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.5.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478817/; classtype:trojan-activity;sid:82341917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.170.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478814/; classtype:trojan-activity;sid:82341914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478813)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"195.133.40.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478813/; classtype:trojan-activity;sid:82341913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478809)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"195.133.40.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478809/; classtype:trojan-activity;sid:82341909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478810)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"195.133.40.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478810/; classtype:trojan-activity;sid:82341910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478811)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"195.133.40.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478811/; classtype:trojan-activity;sid:82341911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478812)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/peach.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"195.133.40.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478812/; classtype:trojan-activity;sid:82341912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.16.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478808/; classtype:trojan-activity;sid:82341908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.53.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478807/; classtype:trojan-activity;sid:82341907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.125.74.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478806/; classtype:trojan-activity;sid:82341906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.17.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478805/; classtype:trojan-activity;sid:82341905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.254.177.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478802/; classtype:trojan-activity;sid:82341902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.160.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478803/; classtype:trojan-activity;sid:82341903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.178.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478804/; classtype:trojan-activity;sid:82341904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.4.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478801/; classtype:trojan-activity;sid:82341901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.125.193.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478799/; classtype:trojan-activity;sid:82341899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.19.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478800/; classtype:trojan-activity;sid:82341900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478798)"; flow:established,from_client; content:"GET"; http_method; content:"/ww/file1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"37.0.11.8"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478798/; classtype:trojan-activity;sid:82341898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478797)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.87.24.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478797/; classtype:trojan-activity;sid:82341897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.110.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478796/; classtype:trojan-activity;sid:82341896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478795)"; flow:established,from_client; content:"GET"; http_method; content:"/ww/file3.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"37.0.11.8"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478795/; classtype:trojan-activity;sid:82341895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.133.49.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478794/; classtype:trojan-activity;sid:82341894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.202.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478793/; classtype:trojan-activity;sid:82341893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.79.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478792/; classtype:trojan-activity;sid:82341892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.85.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478790/; classtype:trojan-activity;sid:82341890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.113.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478791/; classtype:trojan-activity;sid:82341891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.143.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478788/; classtype:trojan-activity;sid:82341888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.12.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478789/; classtype:trojan-activity;sid:82341889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.59.170.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478787/; classtype:trojan-activity;sid:82341887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.164.46.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478786/; classtype:trojan-activity;sid:82341886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.45.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478785/; classtype:trojan-activity;sid:82341885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.175.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478782/; classtype:trojan-activity;sid:82341882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.172.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478783/; classtype:trojan-activity;sid:82341883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.217.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478784/; classtype:trojan-activity;sid:82341884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.139.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478781/; classtype:trojan-activity;sid:82341881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.212.142.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478780/; classtype:trojan-activity;sid:82341880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.185.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478779/; classtype:trojan-activity;sid:82341879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.165.184.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478778/; classtype:trojan-activity;sid:82341878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.56.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478777/; classtype:trojan-activity;sid:82341877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.133.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478776/; classtype:trojan-activity;sid:82341876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.172.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478775/; classtype:trojan-activity;sid:82341875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.54.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478774/; classtype:trojan-activity;sid:82341874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.47.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478772/; classtype:trojan-activity;sid:82341872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.75.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478773/; classtype:trojan-activity;sid:82341873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.150.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478771/; classtype:trojan-activity;sid:82341871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.8.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478770/; classtype:trojan-activity;sid:82341870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.44.68.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478769/; classtype:trojan-activity;sid:82341869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.135.56.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478768/; classtype:trojan-activity;sid:82341868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.185.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478767/; classtype:trojan-activity;sid:82341867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.253.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478766/; classtype:trojan-activity;sid:82341866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.157.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478764/; classtype:trojan-activity;sid:82341864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.88.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478765/; classtype:trojan-activity;sid:82341865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.171.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478763/; classtype:trojan-activity;sid:82341863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.161.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478760/; classtype:trojan-activity;sid:82341860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.118.237.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478761/; classtype:trojan-activity;sid:82341861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.223.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478762/; classtype:trojan-activity;sid:82341862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.167.33.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478758/; classtype:trojan-activity;sid:82341858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.174.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478759/; classtype:trojan-activity;sid:82341859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.175.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478757/; classtype:trojan-activity;sid:82341857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.83.167.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478755/; classtype:trojan-activity;sid:82341855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.110.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478756/; classtype:trojan-activity;sid:82341856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.103.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478754/; classtype:trojan-activity;sid:82341854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478751)"; flow:established,from_client; content:"GET"; http_method; content:"/ww/file6.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"37.0.11.8"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478751/; classtype:trojan-activity;sid:82341851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478752)"; flow:established,from_client; content:"GET"; http_method; content:"/ww/file2.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"37.0.11.8"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478752/; classtype:trojan-activity;sid:82341852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478753)"; flow:established,from_client; content:"GET"; http_method; content:"/ww/file5.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"37.0.11.8"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478753/; classtype:trojan-activity;sid:82341853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478750)"; flow:established,from_client; content:"GET"; http_method; content:"/archiv/power.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.253.43.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478750/; classtype:trojan-activity;sid:82341850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.241.244.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478749/; classtype:trojan-activity;sid:82341849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478748)"; flow:established,from_client; content:"GET"; http_method; content:"/ww/file4.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"37.0.11.8"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478748/; classtype:trojan-activity;sid:82341848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.143.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478747/; classtype:trojan-activity;sid:82341847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.198.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478746/; classtype:trojan-activity;sid:82341846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.171.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478745/; classtype:trojan-activity;sid:82341845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.199.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478744/; classtype:trojan-activity;sid:82341844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.153.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478742/; classtype:trojan-activity;sid:82341842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.31.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478743/; classtype:trojan-activity;sid:82341843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.197.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478740/; classtype:trojan-activity;sid:82341840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.140.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478741/; classtype:trojan-activity;sid:82341841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.203.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478738/; classtype:trojan-activity;sid:82341838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.144.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478739/; classtype:trojan-activity;sid:82341839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.140.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478737/; classtype:trojan-activity;sid:82341837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.224.56.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478736/; classtype:trojan-activity;sid:82341836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.176.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478735/; classtype:trojan-activity;sid:82341835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.77.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478734/; classtype:trojan-activity;sid:82341834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.37.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478733/; classtype:trojan-activity;sid:82341833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.12.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478731/; classtype:trojan-activity;sid:82341831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.200.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478732/; classtype:trojan-activity;sid:82341832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.234.143.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478730/; classtype:trojan-activity;sid:82341830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.158.235.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478729/; classtype:trojan-activity;sid:82341829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.168.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478728/; classtype:trojan-activity;sid:82341828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.235.78.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478727/; classtype:trojan-activity;sid:82341827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.62.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478726/; classtype:trojan-activity;sid:82341826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.90.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478724/; classtype:trojan-activity;sid:82341824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.137.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478725/; classtype:trojan-activity;sid:82341825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.112.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478722/; classtype:trojan-activity;sid:82341822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.30.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478723/; classtype:trojan-activity;sid:82341823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.209.63.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478721/; classtype:trojan-activity;sid:82341821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.241.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478720/; classtype:trojan-activity;sid:82341820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.128.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478719/; classtype:trojan-activity;sid:82341819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478718)"; flow:established,from_client; content:"GET"; http_method; content:"/ww/file8.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"37.0.11.8"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478718/; classtype:trojan-activity;sid:82341818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.83.56.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478717/; classtype:trojan-activity;sid:82341817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.28.249.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478714/; classtype:trojan-activity;sid:82341814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.63.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478715/; classtype:trojan-activity;sid:82341815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.164.137.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478716/; classtype:trojan-activity;sid:82341816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.164.139.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478712/; classtype:trojan-activity;sid:82341812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.36.35.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478713/; classtype:trojan-activity;sid:82341813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.22.235.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478711/; classtype:trojan-activity;sid:82341811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.167.160.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478708/; classtype:trojan-activity;sid:82341808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.37.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478709/; classtype:trojan-activity;sid:82341809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.0.133.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478710/; classtype:trojan-activity;sid:82341810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.72.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478707/; classtype:trojan-activity;sid:82341807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.136.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478706/; classtype:trojan-activity;sid:82341806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.74.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478705/; classtype:trojan-activity;sid:82341805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.44.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478704/; classtype:trojan-activity;sid:82341804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.148.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478703/; classtype:trojan-activity;sid:82341803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.81.155.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478702/; classtype:trojan-activity;sid:82341802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.255.196.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478701/; classtype:trojan-activity;sid:82341801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.6.209.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478700/; classtype:trojan-activity;sid:82341800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.18.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478699/; classtype:trojan-activity;sid:82341799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.236.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478698/; classtype:trojan-activity;sid:82341798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.131.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478696/; classtype:trojan-activity;sid:82341796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.135.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478697/; classtype:trojan-activity;sid:82341797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.39.195.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478695/; classtype:trojan-activity;sid:82341795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.64.163.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478694/; classtype:trojan-activity;sid:82341794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.237.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478693/; classtype:trojan-activity;sid:82341793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.52.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478691/; classtype:trojan-activity;sid:82341791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.62.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478692/; classtype:trojan-activity;sid:82341792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.96.253.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478690/; classtype:trojan-activity;sid:82341790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.89.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478686/; classtype:trojan-activity;sid:82341786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.93.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478687/; classtype:trojan-activity;sid:82341787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.92.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478688/; classtype:trojan-activity;sid:82341788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.217.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478689/; classtype:trojan-activity;sid:82341789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.178.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478684/; classtype:trojan-activity;sid:82341784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.159.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478685/; classtype:trojan-activity;sid:82341785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.7.148.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478683/; classtype:trojan-activity;sid:82341783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.92.107.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478682/; classtype:trojan-activity;sid:82341782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.201.230.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478681/; classtype:trojan-activity;sid:82341781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.151.192.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478680/; classtype:trojan-activity;sid:82341780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.84.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478679/; classtype:trojan-activity;sid:82341779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.13.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478677/; classtype:trojan-activity;sid:82341777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.47.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478678/; classtype:trojan-activity;sid:82341778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.235.35.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478675/; classtype:trojan-activity;sid:82341775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.170.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478676/; classtype:trojan-activity;sid:82341776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.99.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478674/; classtype:trojan-activity;sid:82341774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.16.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478673/; classtype:trojan-activity;sid:82341773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.30.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478672/; classtype:trojan-activity;sid:82341772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.85.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478671/; classtype:trojan-activity;sid:82341771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.238.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478670/; classtype:trojan-activity;sid:82341770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.241.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478669/; classtype:trojan-activity;sid:82341769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.162.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478667/; classtype:trojan-activity;sid:82341767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.162.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478668/; classtype:trojan-activity;sid:82341768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.52.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478666/; classtype:trojan-activity;sid:82341766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.21.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478665/; classtype:trojan-activity;sid:82341765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.173.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478664/; classtype:trojan-activity;sid:82341764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.199.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478663/; classtype:trojan-activity;sid:82341763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.178.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478662/; classtype:trojan-activity;sid:82341762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.97.180.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478659/; classtype:trojan-activity;sid:82341759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.67.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478660/; classtype:trojan-activity;sid:82341760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.145.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478661/; classtype:trojan-activity;sid:82341761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.28.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478658/; classtype:trojan-activity;sid:82341758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.78.68.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478657/; classtype:trojan-activity;sid:82341757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.24.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478656/; classtype:trojan-activity;sid:82341756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.47.142.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478655/; classtype:trojan-activity;sid:82341755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.37.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478653/; classtype:trojan-activity;sid:82341753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.38.172.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478654/; classtype:trojan-activity;sid:82341754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.142.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478652/; classtype:trojan-activity;sid:82341752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.173.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478651/; classtype:trojan-activity;sid:82341751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.47.145"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478648/; classtype:trojan-activity;sid:82341748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.121.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478649/; classtype:trojan-activity;sid:82341749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.132.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478650/; classtype:trojan-activity;sid:82341750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.236.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478647/; classtype:trojan-activity;sid:82341747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.70.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478646/; classtype:trojan-activity;sid:82341746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.240.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478644/; classtype:trojan-activity;sid:82341744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.60.176.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478645/; classtype:trojan-activity;sid:82341745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.16.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478642/; classtype:trojan-activity;sid:82341742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.47.143.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478643/; classtype:trojan-activity;sid:82341743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.79.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478639/; classtype:trojan-activity;sid:82341739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.106.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478640/; classtype:trojan-activity;sid:82341740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.121.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478641/; classtype:trojan-activity;sid:82341741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.146.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478638/; classtype:trojan-activity;sid:82341738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.199.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478637/; classtype:trojan-activity;sid:82341737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.56.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478636/; classtype:trojan-activity;sid:82341736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.144.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478635/; classtype:trojan-activity;sid:82341735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.79.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478634/; classtype:trojan-activity;sid:82341734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.33.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478633/; classtype:trojan-activity;sid:82341733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.78.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478632/; classtype:trojan-activity;sid:82341732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.140.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478631/; classtype:trojan-activity;sid:82341731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.79.220.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478630/; classtype:trojan-activity;sid:82341730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.202.100.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478628/; classtype:trojan-activity;sid:82341728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.24.144.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478629/; classtype:trojan-activity;sid:82341729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.191.224.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478627/; classtype:trojan-activity;sid:82341727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.228.21.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478625/; classtype:trojan-activity;sid:82341725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.163.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478626/; classtype:trojan-activity;sid:82341726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.239.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478624/; classtype:trojan-activity;sid:82341724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.132.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478623/; classtype:trojan-activity;sid:82341723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.236.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478622/; classtype:trojan-activity;sid:82341722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.149.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478621/; classtype:trojan-activity;sid:82341721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.177.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478620/; classtype:trojan-activity;sid:82341720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.16.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478619/; classtype:trojan-activity;sid:82341719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.78.68.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478618/; classtype:trojan-activity;sid:82341718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.228.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478617/; classtype:trojan-activity;sid:82341717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.227.247.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478616/; classtype:trojan-activity;sid:82341716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.171.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478615/; classtype:trojan-activity;sid:82341715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.83.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478614/; classtype:trojan-activity;sid:82341714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.59.174.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478613/; classtype:trojan-activity;sid:82341713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.150.65.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478612/; classtype:trojan-activity;sid:82341712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.88.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478611/; classtype:trojan-activity;sid:82341711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.97.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478609/; classtype:trojan-activity;sid:82341709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.22.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478610/; classtype:trojan-activity;sid:82341710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.91.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478608/; classtype:trojan-activity;sid:82341708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.249.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478607/; classtype:trojan-activity;sid:82341707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.92.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478606/; classtype:trojan-activity;sid:82341706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.102.111.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478605/; classtype:trojan-activity;sid:82341705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.125.137.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478604/; classtype:trojan-activity;sid:82341704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.163.162.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478602/; classtype:trojan-activity;sid:82341702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.165.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478603/; classtype:trojan-activity;sid:82341703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.89.11.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478601/; classtype:trojan-activity;sid:82341701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.125.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478600/; classtype:trojan-activity;sid:82341700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.92.93.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478599/; classtype:trojan-activity;sid:82341699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.161.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478598/; classtype:trojan-activity;sid:82341698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.197.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478597/; classtype:trojan-activity;sid:82341697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.7.205.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478595/; classtype:trojan-activity;sid:82341695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.130.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478596/; classtype:trojan-activity;sid:82341696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.72.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478593/; classtype:trojan-activity;sid:82341693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.213.101.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478594/; classtype:trojan-activity;sid:82341694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.77.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478592/; classtype:trojan-activity;sid:82341692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.46.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478590/; classtype:trojan-activity;sid:82341690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.209.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478591/; classtype:trojan-activity;sid:82341691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.219.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478589/; classtype:trojan-activity;sid:82341689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.173.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478588/; classtype:trojan-activity;sid:82341688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.80.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478587/; classtype:trojan-activity;sid:82341687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.16.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478584/; classtype:trojan-activity;sid:82341684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.179.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478585/; classtype:trojan-activity;sid:82341685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.15.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478586/; classtype:trojan-activity;sid:82341686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.183.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478583/; classtype:trojan-activity;sid:82341683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.213.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478582/; classtype:trojan-activity;sid:82341682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.0.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478581/; classtype:trojan-activity;sid:82341681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478580)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.175.64.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478580/; classtype:trojan-activity;sid:82341680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478579)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.175.64.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478579/; classtype:trojan-activity;sid:82341679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478575)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.175.64.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478575/; classtype:trojan-activity;sid:82341675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478576)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.175.64.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478576/; classtype:trojan-activity;sid:82341676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478577)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.175.64.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478577/; classtype:trojan-activity;sid:82341677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478578)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.175.64.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478578/; classtype:trojan-activity;sid:82341678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478572)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.175.64.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478572/; classtype:trojan-activity;sid:82341672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478573)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.175.64.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478573/; classtype:trojan-activity;sid:82341673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478574)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.175.64.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478574/; classtype:trojan-activity;sid:82341674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478570)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.175.64.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478570/; classtype:trojan-activity;sid:82341670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478571)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.175.64.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478571/; classtype:trojan-activity;sid:82341671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.188.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478569/; classtype:trojan-activity;sid:82341669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.94.25.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478568/; classtype:trojan-activity;sid:82341668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.172.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478567/; classtype:trojan-activity;sid:82341667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.177.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478564/; classtype:trojan-activity;sid:82341664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.16.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478565/; classtype:trojan-activity;sid:82341665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478566)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.89.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478566/; classtype:trojan-activity;sid:82341666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.22.227.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478563/; classtype:trojan-activity;sid:82341663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.79.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478562/; classtype:trojan-activity;sid:82341662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478561)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.33.116.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478561/; classtype:trojan-activity;sid:82341661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.51.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478560/; classtype:trojan-activity;sid:82341660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.216.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478559/; classtype:trojan-activity;sid:82341659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.188.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478558/; classtype:trojan-activity;sid:82341658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478557)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"209.141.48.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478557/; classtype:trojan-activity;sid:82341657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.120.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478554/; classtype:trojan-activity;sid:82341654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.179.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478555/; classtype:trojan-activity;sid:82341655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.10.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478556/; classtype:trojan-activity;sid:82341656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.254.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478553/; classtype:trojan-activity;sid:82341653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478552)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"209.141.48.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478552/; classtype:trojan-activity;sid:82341652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478551)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"209.141.48.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478551/; classtype:trojan-activity;sid:82341651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.204.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478550/; classtype:trojan-activity;sid:82341650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.124.18.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478549/; classtype:trojan-activity;sid:82341649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478548)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"209.141.48.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478548/; classtype:trojan-activity;sid:82341648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.24.34.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478546/; classtype:trojan-activity;sid:82341646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478547)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.254.34.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478547/; classtype:trojan-activity;sid:82341647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478545)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.168.213.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478545/; classtype:trojan-activity;sid:82341645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.253.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478544/; classtype:trojan-activity;sid:82341644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.161.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478543/; classtype:trojan-activity;sid:82341643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.77.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478542/; classtype:trojan-activity;sid:82341642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.153.41.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478540/; classtype:trojan-activity;sid:82341640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.174.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478541/; classtype:trojan-activity;sid:82341641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.203.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478539/; classtype:trojan-activity;sid:82341639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.25.95.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478538/; classtype:trojan-activity;sid:82341638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.148.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478537/; classtype:trojan-activity;sid:82341637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478536)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"209.141.48.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478536/; classtype:trojan-activity;sid:82341636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.70.103.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478535/; classtype:trojan-activity;sid:82341635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.209.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478533/; classtype:trojan-activity;sid:82341633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.58.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478534/; classtype:trojan-activity;sid:82341634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.46.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478532/; classtype:trojan-activity;sid:82341632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.250.49.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478531/; classtype:trojan-activity;sid:82341631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.191.144.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478530/; classtype:trojan-activity;sid:82341630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.12.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478529/; classtype:trojan-activity;sid:82341629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.73.52.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478527/; classtype:trojan-activity;sid:82341627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.253.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478528/; classtype:trojan-activity;sid:82341628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.22.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478526/; classtype:trojan-activity;sid:82341626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.64.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478525/; classtype:trojan-activity;sid:82341625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.170.166.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478524/; classtype:trojan-activity;sid:82341624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.22.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478523/; classtype:trojan-activity;sid:82341623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478522)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"209.141.48.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478522/; classtype:trojan-activity;sid:82341622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.15.179.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478521/; classtype:trojan-activity;sid:82341621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.146.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478519/; classtype:trojan-activity;sid:82341619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.226.140.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478520/; classtype:trojan-activity;sid:82341620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.16.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478517/; classtype:trojan-activity;sid:82341617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.247.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478518/; classtype:trojan-activity;sid:82341618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478516/; classtype:trojan-activity;sid:82341616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.230.91.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478515/; classtype:trojan-activity;sid:82341615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.45.128.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478514/; classtype:trojan-activity;sid:82341614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.58.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478513/; classtype:trojan-activity;sid:82341613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.197.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478512/; classtype:trojan-activity;sid:82341612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478511)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"209.141.48.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478511/; classtype:trojan-activity;sid:82341611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.76.252.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478510/; classtype:trojan-activity;sid:82341610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.165.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478509/; classtype:trojan-activity;sid:82341609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.166.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478508/; classtype:trojan-activity;sid:82341608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.97.102.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478507/; classtype:trojan-activity;sid:82341607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.184.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478506/; classtype:trojan-activity;sid:82341606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478504)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"209.141.48.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478504/; classtype:trojan-activity;sid:82341604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478505)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"209.141.48.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478505/; classtype:trojan-activity;sid:82341605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478502)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"209.141.48.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478502/; classtype:trojan-activity;sid:82341602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478503)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"209.141.48.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478503/; classtype:trojan-activity;sid:82341603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.233.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478501/; classtype:trojan-activity;sid:82341601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478499/; classtype:trojan-activity;sid:82341599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.211.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478500/; classtype:trojan-activity;sid:82341600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.102.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478498/; classtype:trojan-activity;sid:82341598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478497/; classtype:trojan-activity;sid:82341597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.164.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478496/; classtype:trojan-activity;sid:82341596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.11.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478495/; classtype:trojan-activity;sid:82341595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.193.91.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478494/; classtype:trojan-activity;sid:82341594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.15.179.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478493/; classtype:trojan-activity;sid:82341593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.197.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478492/; classtype:trojan-activity;sid:82341592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.141.87.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478490/; classtype:trojan-activity;sid:82341590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.172.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478491/; classtype:trojan-activity;sid:82341591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.90.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478489/; classtype:trojan-activity;sid:82341589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.211.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478487/; classtype:trojan-activity;sid:82341587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.173.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478488/; classtype:trojan-activity;sid:82341588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478486)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.243.180.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478486/; classtype:trojan-activity;sid:82341586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.47.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478484/; classtype:trojan-activity;sid:82341584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478485)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.70.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478485/; classtype:trojan-activity;sid:82341585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.36.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478483/; classtype:trojan-activity;sid:82341583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.92.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478482/; classtype:trojan-activity;sid:82341582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.43.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478480/; classtype:trojan-activity;sid:82341580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.7.147.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478481/; classtype:trojan-activity;sid:82341581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.38.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478479/; classtype:trojan-activity;sid:82341579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.213.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478478/; classtype:trojan-activity;sid:82341578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.53.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478477/; classtype:trojan-activity;sid:82341577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.50.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478476/; classtype:trojan-activity;sid:82341576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.54.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478475/; classtype:trojan-activity;sid:82341575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.28.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478474/; classtype:trojan-activity;sid:82341574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478473)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.89.164.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478473/; classtype:trojan-activity;sid:82341573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478472)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.164.155.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478472/; classtype:trojan-activity;sid:82341572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478471)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"209.141.48.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478471/; classtype:trojan-activity;sid:82341571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478470)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.48.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478470/; classtype:trojan-activity;sid:82341570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.74.23.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478469/; classtype:trojan-activity;sid:82341569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.215.222.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478468/; classtype:trojan-activity;sid:82341568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.89.52.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478467/; classtype:trojan-activity;sid:82341567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.45.128.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478466/; classtype:trojan-activity;sid:82341566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.169.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478465/; classtype:trojan-activity;sid:82341565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.110.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478464/; classtype:trojan-activity;sid:82341564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.202.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478463/; classtype:trojan-activity;sid:82341563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.88.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478462/; classtype:trojan-activity;sid:82341562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.91.147.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478460/; classtype:trojan-activity;sid:82341560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478461)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.30.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478461/; classtype:trojan-activity;sid:82341561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.40.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478458/; classtype:trojan-activity;sid:82341558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.218.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478459/; classtype:trojan-activity;sid:82341559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.203.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478456/; classtype:trojan-activity;sid:82341556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.27.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478457/; classtype:trojan-activity;sid:82341557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.93.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478455/; classtype:trojan-activity;sid:82341555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.164.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478452/; classtype:trojan-activity;sid:82341552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.41.207.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478453/; classtype:trojan-activity;sid:82341553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.121.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478454/; classtype:trojan-activity;sid:82341554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.188.224.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478451/; classtype:trojan-activity;sid:82341551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.229.54.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478448/; classtype:trojan-activity;sid:82341548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.229.55.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478449/; classtype:trojan-activity;sid:82341549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.89.48.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478450/; classtype:trojan-activity;sid:82341550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478447)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.171.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478447/; classtype:trojan-activity;sid:82341547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478446)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.162.195.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478446/; classtype:trojan-activity;sid:82341546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.168.252.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478445/; classtype:trojan-activity;sid:82341545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478444)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.15.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478444/; classtype:trojan-activity;sid:82341544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478442)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.164.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478442/; classtype:trojan-activity;sid:82341542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478443)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.123.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478443/; classtype:trojan-activity;sid:82341543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.0.49.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478441/; classtype:trojan-activity;sid:82341541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.143.7.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478440/; classtype:trojan-activity;sid:82341540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478438)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.243.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478438/; classtype:trojan-activity;sid:82341538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.22.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478439/; classtype:trojan-activity;sid:82341539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478435)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.122.112.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478435/; classtype:trojan-activity;sid:82341535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478436)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.195.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478436/; classtype:trojan-activity;sid:82341536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.70.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478437/; classtype:trojan-activity;sid:82341537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.161.117.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478434/; classtype:trojan-activity;sid:82341534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.30.1.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478433/; classtype:trojan-activity;sid:82341533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.36.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478432/; classtype:trojan-activity;sid:82341532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.179.161.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478431/; classtype:trojan-activity;sid:82341531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.15.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478430/; classtype:trojan-activity;sid:82341530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.50.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478429/; classtype:trojan-activity;sid:82341529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.122.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478428/; classtype:trojan-activity;sid:82341528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478427)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.14.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478427/; classtype:trojan-activity;sid:82341527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.59.207.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478426/; classtype:trojan-activity;sid:82341526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.148.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478425/; classtype:trojan-activity;sid:82341525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.154.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478424/; classtype:trojan-activity;sid:82341524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.193.91.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478423/; classtype:trojan-activity;sid:82341523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.10.102.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478422/; classtype:trojan-activity;sid:82341522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.139.32.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478421/; classtype:trojan-activity;sid:82341521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.217.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478419/; classtype:trojan-activity;sid:82341519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.12.28.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478420/; classtype:trojan-activity;sid:82341520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.141.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478418/; classtype:trojan-activity;sid:82341518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.66.18.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478417/; classtype:trojan-activity;sid:82341517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.232.182.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478416/; classtype:trojan-activity;sid:82341516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.206.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478415/; classtype:trojan-activity;sid:82341515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.14.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478414/; classtype:trojan-activity;sid:82341514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.189.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478412/; classtype:trojan-activity;sid:82341512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.141.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478413/; classtype:trojan-activity;sid:82341513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.180.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478410/; classtype:trojan-activity;sid:82341510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.154.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478411/; classtype:trojan-activity;sid:82341511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.217.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478408/; classtype:trojan-activity;sid:82341508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.161.191.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478409/; classtype:trojan-activity;sid:82341509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.217.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478406/; classtype:trojan-activity;sid:82341506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.165.38.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478407/; classtype:trojan-activity;sid:82341507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.15.179.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478405/; classtype:trojan-activity;sid:82341505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.82.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478404/; classtype:trojan-activity;sid:82341504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.183.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478403/; classtype:trojan-activity;sid:82341503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.245.190.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478402/; classtype:trojan-activity;sid:82341502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.204.127.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478401/; classtype:trojan-activity;sid:82341501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.102.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478400/; classtype:trojan-activity;sid:82341500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.233.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478399/; classtype:trojan-activity;sid:82341499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.70.96.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478398/; classtype:trojan-activity;sid:82341498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478397)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.115.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478397/; classtype:trojan-activity;sid:82341497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478395)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.33.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478395/; classtype:trojan-activity;sid:82341495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.76.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478396/; classtype:trojan-activity;sid:82341496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.35.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478392/; classtype:trojan-activity;sid:82341492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478393)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.178.125.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478393/; classtype:trojan-activity;sid:82341493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.77.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478394/; classtype:trojan-activity;sid:82341494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.229.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478391/; classtype:trojan-activity;sid:82341491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478390)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.231.210.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478390/; classtype:trojan-activity;sid:82341490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.90.19.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478389/; classtype:trojan-activity;sid:82341489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.91.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478388/; classtype:trojan-activity;sid:82341488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478387)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.170.50.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478387/; classtype:trojan-activity;sid:82341487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.225.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478384/; classtype:trojan-activity;sid:82341484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478385)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.133.144.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478385/; classtype:trojan-activity;sid:82341485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.222.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478386/; classtype:trojan-activity;sid:82341486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.69.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478382/; classtype:trojan-activity;sid:82341482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.54.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478383/; classtype:trojan-activity;sid:82341483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478380)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.97.199.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478380/; classtype:trojan-activity;sid:82341480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.252.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478381/; classtype:trojan-activity;sid:82341481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.95.83.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478379/; classtype:trojan-activity;sid:82341479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.228.40.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478378/; classtype:trojan-activity;sid:82341478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.63.61.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478376/; classtype:trojan-activity;sid:82341476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.121.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478377/; classtype:trojan-activity;sid:82341477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.141.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478374/; classtype:trojan-activity;sid:82341474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.206.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478375/; classtype:trojan-activity;sid:82341475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.205.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478373/; classtype:trojan-activity;sid:82341473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478372)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.243.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478372/; classtype:trojan-activity;sid:82341472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478371)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.218.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478371/; classtype:trojan-activity;sid:82341471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.52.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478370/; classtype:trojan-activity;sid:82341470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.201.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478369/; classtype:trojan-activity;sid:82341469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.216.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478367/; classtype:trojan-activity;sid:82341467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.94.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478368/; classtype:trojan-activity;sid:82341468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.118.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478366/; classtype:trojan-activity;sid:82341466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.53.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478364/; classtype:trojan-activity;sid:82341464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.185.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478365/; classtype:trojan-activity;sid:82341465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.99.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478363/; classtype:trojan-activity;sid:82341463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.166.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478362/; classtype:trojan-activity;sid:82341462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.9.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478361/; classtype:trojan-activity;sid:82341461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.180.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478360/; classtype:trojan-activity;sid:82341460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.97.30.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478359/; classtype:trojan-activity;sid:82341459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.167.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478358/; classtype:trojan-activity;sid:82341458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.31.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478357/; classtype:trojan-activity;sid:82341457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.183.11.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478356/; classtype:trojan-activity;sid:82341456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.198.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478355/; classtype:trojan-activity;sid:82341455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.102.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478354/; classtype:trojan-activity;sid:82341454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478353)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.117.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478353/; classtype:trojan-activity;sid:82341453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478352)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.177.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478352/; classtype:trojan-activity;sid:82341452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.123.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478350/; classtype:trojan-activity;sid:82341450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.46.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478351/; classtype:trojan-activity;sid:82341451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.55.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478348/; classtype:trojan-activity;sid:82341448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478349)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.227.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478349/; classtype:trojan-activity;sid:82341449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.178.60.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478347/; classtype:trojan-activity;sid:82341447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.56.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478345/; classtype:trojan-activity;sid:82341445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.123.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478346/; classtype:trojan-activity;sid:82341446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.193.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478344/; classtype:trojan-activity;sid:82341444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.89.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478343/; classtype:trojan-activity;sid:82341443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.149.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478342/; classtype:trojan-activity;sid:82341442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.41.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478341/; classtype:trojan-activity;sid:82341441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.204.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478340/; classtype:trojan-activity;sid:82341440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.4.67"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478339/; classtype:trojan-activity;sid:82341439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.217.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478337/; classtype:trojan-activity;sid:82341437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.164.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478338/; classtype:trojan-activity;sid:82341438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.128.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478336/; classtype:trojan-activity;sid:82341436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478333)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.81.138.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478333/; classtype:trojan-activity;sid:82341433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478334)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.209.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478334/; classtype:trojan-activity;sid:82341434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.86.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478335/; classtype:trojan-activity;sid:82341435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.220.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478332/; classtype:trojan-activity;sid:82341432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.167.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478331/; classtype:trojan-activity;sid:82341431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.27.85.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478330/; classtype:trojan-activity;sid:82341430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.31.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478329/; classtype:trojan-activity;sid:82341429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.27.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478328/; classtype:trojan-activity;sid:82341428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.208.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478327/; classtype:trojan-activity;sid:82341427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.47.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478326/; classtype:trojan-activity;sid:82341426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.17.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478325/; classtype:trojan-activity;sid:82341425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.204.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478324/; classtype:trojan-activity;sid:82341424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.97.201.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478322/; classtype:trojan-activity;sid:82341422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.154.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478323/; classtype:trojan-activity;sid:82341423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.42.12"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478320/; classtype:trojan-activity;sid:82341420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.47.114.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478321/; classtype:trojan-activity;sid:82341421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.30.110.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478319/; classtype:trojan-activity;sid:82341419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.57.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478318/; classtype:trojan-activity;sid:82341418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.213.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478317/; classtype:trojan-activity;sid:82341417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.38.122.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478316/; classtype:trojan-activity;sid:82341416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.233.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478315/; classtype:trojan-activity;sid:82341415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.58.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478313/; classtype:trojan-activity;sid:82341413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.33.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478314/; classtype:trojan-activity;sid:82341414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.69.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478312/; classtype:trojan-activity;sid:82341412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.5.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478311/; classtype:trojan-activity;sid:82341411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.239.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478310/; classtype:trojan-activity;sid:82341410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.184.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478309/; classtype:trojan-activity;sid:82341409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.105.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478308/; classtype:trojan-activity;sid:82341408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.167.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478307/; classtype:trojan-activity;sid:82341407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.101.59.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478306/; classtype:trojan-activity;sid:82341406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.95.82.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478305/; classtype:trojan-activity;sid:82341405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.246.80.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478304/; classtype:trojan-activity;sid:82341404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.55.23.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478303/; classtype:trojan-activity;sid:82341403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.202.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478302/; classtype:trojan-activity;sid:82341402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.149.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478299/; classtype:trojan-activity;sid:82341399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.85.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478300/; classtype:trojan-activity;sid:82341400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.177.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478301/; classtype:trojan-activity;sid:82341401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.72.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478297/; classtype:trojan-activity;sid:82341397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.176.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478298/; classtype:trojan-activity;sid:82341398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.75.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478296/; classtype:trojan-activity;sid:82341396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.143.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478295/; classtype:trojan-activity;sid:82341395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.102.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478294/; classtype:trojan-activity;sid:82341394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.209.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478293/; classtype:trojan-activity;sid:82341393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.37.10.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478292/; classtype:trojan-activity;sid:82341392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.36.166.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478291/; classtype:trojan-activity;sid:82341391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.175.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478290/; classtype:trojan-activity;sid:82341390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.22.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478288/; classtype:trojan-activity;sid:82341388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.178.136.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478289/; classtype:trojan-activity;sid:82341389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.57.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478287/; classtype:trojan-activity;sid:82341387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.110.228.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478286/; classtype:trojan-activity;sid:82341386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.220.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478285/; classtype:trojan-activity;sid:82341385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.253.127.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478284/; classtype:trojan-activity;sid:82341384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.110.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478283/; classtype:trojan-activity;sid:82341383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.209.127.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478282/; classtype:trojan-activity;sid:82341382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.28.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478281/; classtype:trojan-activity;sid:82341381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.55.96.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478278/; classtype:trojan-activity;sid:82341378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.101.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478279/; classtype:trojan-activity;sid:82341379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.156.204.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478280/; classtype:trojan-activity;sid:82341380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.29.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478277/; classtype:trojan-activity;sid:82341377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.20.201"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478276/; classtype:trojan-activity;sid:82341376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.141.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478275/; classtype:trojan-activity;sid:82341375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.23.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478274/; classtype:trojan-activity;sid:82341374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478273)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.117.32.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478273/; classtype:trojan-activity;sid:82341373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.100.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478272/; classtype:trojan-activity;sid:82341372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.91.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478271/; classtype:trojan-activity;sid:82341371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478270)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.50.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478270/; classtype:trojan-activity;sid:82341370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.171.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478268/; classtype:trojan-activity;sid:82341368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.164.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478269/; classtype:trojan-activity;sid:82341369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.167.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478267/; classtype:trojan-activity;sid:82341367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.114.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478266/; classtype:trojan-activity;sid:82341366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.238.228.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478264/; classtype:trojan-activity;sid:82341364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.75.185.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478265/; classtype:trojan-activity;sid:82341365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.196.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478263/; classtype:trojan-activity;sid:82341363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.42.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478261/; classtype:trojan-activity;sid:82341361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.25.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478262/; classtype:trojan-activity;sid:82341362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.157.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478260/; classtype:trojan-activity;sid:82341360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.2.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478259/; classtype:trojan-activity;sid:82341359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.109.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478258/; classtype:trojan-activity;sid:82341358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.142.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478257/; classtype:trojan-activity;sid:82341357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.1.82"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478253/; classtype:trojan-activity;sid:82341353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.255.159.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478254/; classtype:trojan-activity;sid:82341354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.126.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478255/; classtype:trojan-activity;sid:82341355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.215.63.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478256/; classtype:trojan-activity;sid:82341356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.71.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478252/; classtype:trojan-activity;sid:82341352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.41.192"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478251/; classtype:trojan-activity;sid:82341351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.242.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478250/; classtype:trojan-activity;sid:82341350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.91.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478249/; classtype:trojan-activity;sid:82341349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.243.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478247/; classtype:trojan-activity;sid:82341347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.172.255.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478248/; classtype:trojan-activity;sid:82341348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.155.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478246/; classtype:trojan-activity;sid:82341346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.49.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478245/; classtype:trojan-activity;sid:82341345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.167.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478244/; classtype:trojan-activity;sid:82341344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.88.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478243/; classtype:trojan-activity;sid:82341343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.41.30.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478242/; classtype:trojan-activity;sid:82341342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.216.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478241/; classtype:trojan-activity;sid:82341341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.232.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478240/; classtype:trojan-activity;sid:82341340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478239)"; flow:established,from_client; content:"GET"; http_method; content:"/99/server.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"static.222.99.99.88.clients.your-server.de"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478239/; classtype:trojan-activity;sid:82341339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478238)"; flow:established,from_client; content:"GET"; http_method; content:"/116/onedrive.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"static.222.99.99.88.clients.your-server.de"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478238/; classtype:trojan-activity;sid:82341338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478237)"; flow:established,from_client; content:"GET"; http_method; content:"/91/onedrivenwt2.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"static.222.99.99.88.clients.your-server.de"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478237/; classtype:trojan-activity;sid:82341337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.104.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478236/; classtype:trojan-activity;sid:82341336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.45.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478235/; classtype:trojan-activity;sid:82341335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478231)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.32.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478231/; classtype:trojan-activity;sid:82341331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478232)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.117.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478232/; classtype:trojan-activity;sid:82341332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.17.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478233/; classtype:trojan-activity;sid:82341333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.28.138"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478234/; classtype:trojan-activity;sid:82341334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.117.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478230/; classtype:trojan-activity;sid:82341330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.196.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478229/; classtype:trojan-activity;sid:82341329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478228)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.12.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478228/; classtype:trojan-activity;sid:82341328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.29.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478226/; classtype:trojan-activity;sid:82341326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.171.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478227/; classtype:trojan-activity;sid:82341327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.114.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478225/; classtype:trojan-activity;sid:82341325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478224)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.150.102.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478224/; classtype:trojan-activity;sid:82341324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478223)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.108.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478223/; classtype:trojan-activity;sid:82341323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478221)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.163.162.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478221/; classtype:trojan-activity;sid:82341321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.4.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478222/; classtype:trojan-activity;sid:82341322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.55.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478217/; classtype:trojan-activity;sid:82341317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.121.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478218/; classtype:trojan-activity;sid:82341318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478219)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.160.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478219/; classtype:trojan-activity;sid:82341319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.3.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478220/; classtype:trojan-activity;sid:82341320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.35.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478216/; classtype:trojan-activity;sid:82341316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.205.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478215/; classtype:trojan-activity;sid:82341315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.253.3.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478212/; classtype:trojan-activity;sid:82341312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.92.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478213/; classtype:trojan-activity;sid:82341313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.98.18.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478214/; classtype:trojan-activity;sid:82341314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478211)"; flow:established,from_client; content:"GET"; http_method; content:"/91/onedrive.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"static.222.99.99.88.clients.your-server.de"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478211/; classtype:trojan-activity;sid:82341311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478210)"; flow:established,from_client; content:"GET"; http_method; content:"/99/system.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"static.222.99.99.88.clients.your-server.de"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478210/; classtype:trojan-activity;sid:82341310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478209)"; flow:established,from_client; content:"GET"; http_method; content:"/116/onedrivenwt2.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"static.222.99.99.88.clients.your-server.de"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478209/; classtype:trojan-activity;sid:82341309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.29.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478208/; classtype:trojan-activity;sid:82341308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.81.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478207/; classtype:trojan-activity;sid:82341307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.38.122.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478206/; classtype:trojan-activity;sid:82341306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.198.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478205/; classtype:trojan-activity;sid:82341305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478204)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.196.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478204/; classtype:trojan-activity;sid:82341304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478203)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.35.93.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478203/; classtype:trojan-activity;sid:82341303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478200)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.30.127.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478200/; classtype:trojan-activity;sid:82341300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.102.38.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478201/; classtype:trojan-activity;sid:82341301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.197.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478202/; classtype:trojan-activity;sid:82341302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.162.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478199/; classtype:trojan-activity;sid:82341299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.108.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478197/; classtype:trojan-activity;sid:82341297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.6.27.228"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478198/; classtype:trojan-activity;sid:82341298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.150.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478196/; classtype:trojan-activity;sid:82341296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.38.68.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478195/; classtype:trojan-activity;sid:82341295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.91.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478194/; classtype:trojan-activity;sid:82341294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.252.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478193/; classtype:trojan-activity;sid:82341293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.147.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478192/; classtype:trojan-activity;sid:82341292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.162.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478191/; classtype:trojan-activity;sid:82341291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.33.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478190/; classtype:trojan-activity;sid:82341290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.148.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478189/; classtype:trojan-activity;sid:82341289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478188)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.236.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478188/; classtype:trojan-activity;sid:82341288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.91.163.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478187/; classtype:trojan-activity;sid:82341287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478186)"; flow:established,from_client; content:"GET"; http_method; content:"/99/1643.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"static.222.99.99.88.clients.your-server.de"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478186/; classtype:trojan-activity;sid:82341286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.160.2.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478185/; classtype:trojan-activity;sid:82341285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.104.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478184/; classtype:trojan-activity;sid:82341284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478183)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"104.128.228.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478183/; classtype:trojan-activity;sid:82341283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.189.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478182/; classtype:trojan-activity;sid:82341282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478181)"; flow:established,from_client; content:"GET"; http_method; content:"/askhelp05/askinstall5.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.szwbjs.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478181/; classtype:trojan-activity;sid:82341281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.120.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478180/; classtype:trojan-activity;sid:82341280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.204.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478179/; classtype:trojan-activity;sid:82341279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.75.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478178/; classtype:trojan-activity;sid:82341278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.98.18.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478177/; classtype:trojan-activity;sid:82341277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.22.171.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478176/; classtype:trojan-activity;sid:82341276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.188.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478174/; classtype:trojan-activity;sid:82341274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.45.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478175/; classtype:trojan-activity;sid:82341275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.84.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478172/; classtype:trojan-activity;sid:82341272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.166.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478173/; classtype:trojan-activity;sid:82341273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478169)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.175.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478169/; classtype:trojan-activity;sid:82341269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.98.176.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478170/; classtype:trojan-activity;sid:82341270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.95.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478171/; classtype:trojan-activity;sid:82341271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.111.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478164/; classtype:trojan-activity;sid:82341264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.213.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478165/; classtype:trojan-activity;sid:82341265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.177.36.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478166/; classtype:trojan-activity;sid:82341266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.83.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478167/; classtype:trojan-activity;sid:82341267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.235.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478168/; classtype:trojan-activity;sid:82341268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.124.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478163/; classtype:trojan-activity;sid:82341263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.128.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478162/; classtype:trojan-activity;sid:82341262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.132.147.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478161/; classtype:trojan-activity;sid:82341261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.92.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478160/; classtype:trojan-activity;sid:82341260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.4.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478159/; classtype:trojan-activity;sid:82341259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.117.186.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478157/; classtype:trojan-activity;sid:82341257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.130.29.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478158/; classtype:trojan-activity;sid:82341258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478156)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.126.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478156/; classtype:trojan-activity;sid:82341256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.176.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478154/; classtype:trojan-activity;sid:82341254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.197.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478155/; classtype:trojan-activity;sid:82341255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.178.139.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478153/; classtype:trojan-activity;sid:82341253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478149)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.242.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478149/; classtype:trojan-activity;sid:82341249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.11.194.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478150/; classtype:trojan-activity;sid:82341250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.245.54.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478151/; classtype:trojan-activity;sid:82341251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.241.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478152/; classtype:trojan-activity;sid:82341252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.68.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478148/; classtype:trojan-activity;sid:82341248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.29.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478147/; classtype:trojan-activity;sid:82341247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.28.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478146/; classtype:trojan-activity;sid:82341246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.17.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478145/; classtype:trojan-activity;sid:82341245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.83.229.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478143/; classtype:trojan-activity;sid:82341243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.206.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478144/; classtype:trojan-activity;sid:82341244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.147.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478142/; classtype:trojan-activity;sid:82341242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.169.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478141/; classtype:trojan-activity;sid:82341241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.177.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478140/; classtype:trojan-activity;sid:82341240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.178.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478139/; classtype:trojan-activity;sid:82341239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478138/; classtype:trojan-activity;sid:82341238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.185.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478137/; classtype:trojan-activity;sid:82341237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.188.150.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478136/; classtype:trojan-activity;sid:82341236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.88.225.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478135/; classtype:trojan-activity;sid:82341235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.4.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478134/; classtype:trojan-activity;sid:82341234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.24.57.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478133/; classtype:trojan-activity;sid:82341233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478131)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.128.228.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478131/; classtype:trojan-activity;sid:82341231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478132)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"104.128.228.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478132/; classtype:trojan-activity;sid:82341232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478129)"; flow:established,from_client; content:"GET"; http_method; content:"/8/items/async-rat-stealer-23456789/asyncrat_stealer_23456789.txt"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"ia601401.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478129/; classtype:trojan-activity;sid:82341229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478130)"; flow:established,from_client; content:"GET"; http_method; content:"/0/items/asyncrat_stealer_all_32456789/asyncrat_stealer_all_32456789.txt"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"ia601503.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478130/; classtype:trojan-activity;sid:82341230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.27.124.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478128/; classtype:trojan-activity;sid:82341228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.197.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478127/; classtype:trojan-activity;sid:82341227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.208.15.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478125/; classtype:trojan-activity;sid:82341225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.252.0.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478126/; classtype:trojan-activity;sid:82341226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.33.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478123/; classtype:trojan-activity;sid:82341223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.38.68.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478124/; classtype:trojan-activity;sid:82341224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478121)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.199.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478121/; classtype:trojan-activity;sid:82341221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.87.117.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478122/; classtype:trojan-activity;sid:82341222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.225.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478120/; classtype:trojan-activity;sid:82341220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.180.71.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478119/; classtype:trojan-activity;sid:82341219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.189.12.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478117/; classtype:trojan-activity;sid:82341217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.202.161.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478118/; classtype:trojan-activity;sid:82341218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.95.81.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478116/; classtype:trojan-activity;sid:82341216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.161.232.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478115/; classtype:trojan-activity;sid:82341215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.11.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478114/; classtype:trojan-activity;sid:82341214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.239.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478113/; classtype:trojan-activity;sid:82341213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.40.54"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478112/; classtype:trojan-activity;sid:82341212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.195.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478111/; classtype:trojan-activity;sid:82341211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.84.107.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478109/; classtype:trojan-activity;sid:82341209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.223.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478110/; classtype:trojan-activity;sid:82341210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.130.79.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478108/; classtype:trojan-activity;sid:82341208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.235.26.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478107/; classtype:trojan-activity;sid:82341207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.208.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478105/; classtype:trojan-activity;sid:82341205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.86.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478106/; classtype:trojan-activity;sid:82341206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.83.118.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478104/; classtype:trojan-activity;sid:82341204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.42.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478103/; classtype:trojan-activity;sid:82341203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.189.90.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478102/; classtype:trojan-activity;sid:82341202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.20.131.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478101/; classtype:trojan-activity;sid:82341201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.98.199.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478100/; classtype:trojan-activity;sid:82341200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.214.110.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478099/; classtype:trojan-activity;sid:82341199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.90.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478098/; classtype:trojan-activity;sid:82341198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.199.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478096/; classtype:trojan-activity;sid:82341196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.223.13.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478097/; classtype:trojan-activity;sid:82341197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.21.194.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478095/; classtype:trojan-activity;sid:82341195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.13.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478093/; classtype:trojan-activity;sid:82341193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.142.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478094/; classtype:trojan-activity;sid:82341194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.154.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478090/; classtype:trojan-activity;sid:82341190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.149.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478091/; classtype:trojan-activity;sid:82341191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.72.188.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478092/; classtype:trojan-activity;sid:82341192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.176.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478089/; classtype:trojan-activity;sid:82341189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.77.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478088/; classtype:trojan-activity;sid:82341188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.244.200.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478087/; classtype:trojan-activity;sid:82341187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.195.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478085/; classtype:trojan-activity;sid:82341185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.203.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478086/; classtype:trojan-activity;sid:82341186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.6.194.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478084/; classtype:trojan-activity;sid:82341184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.58.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478083/; classtype:trojan-activity;sid:82341183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.20.131.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478082/; classtype:trojan-activity;sid:82341182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.187.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478081/; classtype:trojan-activity;sid:82341181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478079)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.28.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478079/; classtype:trojan-activity;sid:82341179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.205.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478080/; classtype:trojan-activity;sid:82341180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.209.65.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478078/; classtype:trojan-activity;sid:82341178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.28.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478077/; classtype:trojan-activity;sid:82341177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.47.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478076/; classtype:trojan-activity;sid:82341176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478075)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.181.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478075/; classtype:trojan-activity;sid:82341175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.143.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478074/; classtype:trojan-activity;sid:82341174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.169.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478069/; classtype:trojan-activity;sid:82341169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.125.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478070/; classtype:trojan-activity;sid:82341170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.255.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478071/; classtype:trojan-activity;sid:82341171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.119.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478072/; classtype:trojan-activity;sid:82341172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.111.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478073/; classtype:trojan-activity;sid:82341173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.188.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478068/; classtype:trojan-activity;sid:82341168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.162.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478066/; classtype:trojan-activity;sid:82341166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.27.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478067/; classtype:trojan-activity;sid:82341167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.57.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478064/; classtype:trojan-activity;sid:82341164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.88.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478065/; classtype:trojan-activity;sid:82341165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.124.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478062/; classtype:trojan-activity;sid:82341162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.108.234.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478063/; classtype:trojan-activity;sid:82341163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.172.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478061/; classtype:trojan-activity;sid:82341161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.121.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478060/; classtype:trojan-activity;sid:82341160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.212.142.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478059/; classtype:trojan-activity;sid:82341159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.194.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478058/; classtype:trojan-activity;sid:82341158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.25.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478057/; classtype:trojan-activity;sid:82341157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.28.240.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478056/; classtype:trojan-activity;sid:82341156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.70.84.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478054/; classtype:trojan-activity;sid:82341154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.19.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478055/; classtype:trojan-activity;sid:82341155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.8.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478053/; classtype:trojan-activity;sid:82341153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.79.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478052/; classtype:trojan-activity;sid:82341152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.197.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478051/; classtype:trojan-activity;sid:82341151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.84.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478047/; classtype:trojan-activity;sid:82341147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.8.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478048/; classtype:trojan-activity;sid:82341148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.109.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478049/; classtype:trojan-activity;sid:82341149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.8.205"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478050/; classtype:trojan-activity;sid:82341150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.166.160.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478046/; classtype:trojan-activity;sid:82341146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.44.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478045/; classtype:trojan-activity;sid:82341145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.221.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478044/; classtype:trojan-activity;sid:82341144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.85.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478043/; classtype:trojan-activity;sid:82341143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.114.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478042/; classtype:trojan-activity;sid:82341142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.216.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478041/; classtype:trojan-activity;sid:82341141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.20.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478040/; classtype:trojan-activity;sid:82341140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.215.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478039/; classtype:trojan-activity;sid:82341139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.82.98.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478038/; classtype:trojan-activity;sid:82341138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.43.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478037/; classtype:trojan-activity;sid:82341137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.89.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478036/; classtype:trojan-activity;sid:82341136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.213.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478035/; classtype:trojan-activity;sid:82341135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.45.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478034/; classtype:trojan-activity;sid:82341134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.82.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478033/; classtype:trojan-activity;sid:82341133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.162.185.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478032/; classtype:trojan-activity;sid:82341132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.232.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478031/; classtype:trojan-activity;sid:82341131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.127.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478029/; classtype:trojan-activity;sid:82341129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.122.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478030/; classtype:trojan-activity;sid:82341130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.77.208.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478027/; classtype:trojan-activity;sid:82341127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.36.202.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478028/; classtype:trojan-activity;sid:82341128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.59.84.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478026/; classtype:trojan-activity;sid:82341126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.84.23.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478025/; classtype:trojan-activity;sid:82341125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.50.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478023/; classtype:trojan-activity;sid:82341123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.199.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478024/; classtype:trojan-activity;sid:82341124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.233.63.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478022/; classtype:trojan-activity;sid:82341122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.90.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478021/; classtype:trojan-activity;sid:82341121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.235.91.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478020/; classtype:trojan-activity;sid:82341120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.0.218.230"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478019/; classtype:trojan-activity;sid:82341119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.11.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478018/; classtype:trojan-activity;sid:82341118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.171.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478017/; classtype:trojan-activity;sid:82341117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.190.65.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478016/; classtype:trojan-activity;sid:82341116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.38.114.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478015/; classtype:trojan-activity;sid:82341115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478014)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.183.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478014/; classtype:trojan-activity;sid:82341114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.93.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478012/; classtype:trojan-activity;sid:82341112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478013)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.204.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478013/; classtype:trojan-activity;sid:82341113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.12.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478010/; classtype:trojan-activity;sid:82341110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.202.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478011/; classtype:trojan-activity;sid:82341111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.49.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478009/; classtype:trojan-activity;sid:82341109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.10.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478008/; classtype:trojan-activity;sid:82341108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.14.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478007/; classtype:trojan-activity;sid:82341107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.151.212.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478006/; classtype:trojan-activity;sid:82341106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.135.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478005/; classtype:trojan-activity;sid:82341105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.63.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478003/; classtype:trojan-activity;sid:82341103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.186.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478004/; classtype:trojan-activity;sid:82341104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.210.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478002/; classtype:trojan-activity;sid:82341102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.8.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478001/; classtype:trojan-activity;sid:82341101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.83.81.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477999/; classtype:trojan-activity;sid:82341099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1478000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.196.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1478000/; classtype:trojan-activity;sid:82341100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.42.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477998/; classtype:trojan-activity;sid:82341098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.32.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477996/; classtype:trojan-activity;sid:82341096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477997)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.188.246.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477997/; classtype:trojan-activity;sid:82341097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.179.162.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477995/; classtype:trojan-activity;sid:82341095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.182.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477994/; classtype:trojan-activity;sid:82341094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.162.69.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477993/; classtype:trojan-activity;sid:82341093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.213.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477992/; classtype:trojan-activity;sid:82341092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.5.37.219"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477991/; classtype:trojan-activity;sid:82341091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.182.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477990/; classtype:trojan-activity;sid:82341090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.146.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477988/; classtype:trojan-activity;sid:82341088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.132.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477989/; classtype:trojan-activity;sid:82341089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.72.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477987/; classtype:trojan-activity;sid:82341087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.254.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477985/; classtype:trojan-activity;sid:82341085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.249.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477986/; classtype:trojan-activity;sid:82341086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.13.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477984/; classtype:trojan-activity;sid:82341084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.122.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477983/; classtype:trojan-activity;sid:82341083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.122.112.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477982/; classtype:trojan-activity;sid:82341082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.180.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477980/; classtype:trojan-activity;sid:82341080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.78.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477981/; classtype:trojan-activity;sid:82341081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.144.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477977/; classtype:trojan-activity;sid:82341077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.198.55.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477978/; classtype:trojan-activity;sid:82341078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.24.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477979/; classtype:trojan-activity;sid:82341079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.21.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477976/; classtype:trojan-activity;sid:82341076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.193.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477972/; classtype:trojan-activity;sid:82341072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.15.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477973/; classtype:trojan-activity;sid:82341073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.211.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477974/; classtype:trojan-activity;sid:82341074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.198.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477975/; classtype:trojan-activity;sid:82341075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.10.19.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477971/; classtype:trojan-activity;sid:82341071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.142.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477970/; classtype:trojan-activity;sid:82341070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.196.196.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477969/; classtype:trojan-activity;sid:82341069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.172.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477967/; classtype:trojan-activity;sid:82341067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.4.157.34"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477968/; classtype:trojan-activity;sid:82341068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477965)"; flow:established,from_client; content:"GET"; http_method; content:"/r.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"15.222.66.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477965/; classtype:trojan-activity;sid:82341065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477964)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"15.222.66.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477964/; classtype:trojan-activity;sid:82341064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477961)"; flow:established,from_client; content:"GET"; http_method; content:"/meterpreter-64.ps1"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"15.222.66.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477961/; classtype:trojan-activity;sid:82341061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477962)"; flow:established,from_client; content:"GET"; http_method; content:"/index.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"15.222.66.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477962/; classtype:trojan-activity;sid:82341062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477963)"; flow:established,from_client; content:"GET"; http_method; content:"/a.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"15.222.66.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477963/; classtype:trojan-activity;sid:82341063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.171.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477960/; classtype:trojan-activity;sid:82341060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.152.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477959/; classtype:trojan-activity;sid:82341059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.196.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477958/; classtype:trojan-activity;sid:82341058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.205.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477956/; classtype:trojan-activity;sid:82341056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.142.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477957/; classtype:trojan-activity;sid:82341057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.91.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477955/; classtype:trojan-activity;sid:82341055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.82.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477953/; classtype:trojan-activity;sid:82341053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.89.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477954/; classtype:trojan-activity;sid:82341054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.235.34.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477952/; classtype:trojan-activity;sid:82341052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.36.55.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477950/; classtype:trojan-activity;sid:82341050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.186.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477951/; classtype:trojan-activity;sid:82341051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.118.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477946/; classtype:trojan-activity;sid:82341046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.54.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477947/; classtype:trojan-activity;sid:82341047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.244.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477948/; classtype:trojan-activity;sid:82341048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.227.247.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477949/; classtype:trojan-activity;sid:82341049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.9.192"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477945/; classtype:trojan-activity;sid:82341045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.227.111.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477944/; classtype:trojan-activity;sid:82341044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.59.126.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477943/; classtype:trojan-activity;sid:82341043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.206.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477941/; classtype:trojan-activity;sid:82341041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.150.211.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477942/; classtype:trojan-activity;sid:82341042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.69.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477940/; classtype:trojan-activity;sid:82341040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.181.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477939/; classtype:trojan-activity;sid:82341039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.42.62.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477938/; classtype:trojan-activity;sid:82341038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.34.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477937/; classtype:trojan-activity;sid:82341037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.160.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477936/; classtype:trojan-activity;sid:82341036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.79.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477935/; classtype:trojan-activity;sid:82341035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.214.60.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477934/; classtype:trojan-activity;sid:82341034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.37.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477932/; classtype:trojan-activity;sid:82341032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.128.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477933/; classtype:trojan-activity;sid:82341033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.30.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477931/; classtype:trojan-activity;sid:82341031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.87.1.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477930/; classtype:trojan-activity;sid:82341030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.70.3.234"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477929/; classtype:trojan-activity;sid:82341029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477928)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.175.228.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477928/; classtype:trojan-activity;sid:82341028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.197.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477927/; classtype:trojan-activity;sid:82341027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.51.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477926/; classtype:trojan-activity;sid:82341026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.102.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477925/; classtype:trojan-activity;sid:82341025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.215.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477924/; classtype:trojan-activity;sid:82341024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.179.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477923/; classtype:trojan-activity;sid:82341023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.153.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477922/; classtype:trojan-activity;sid:82341022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.205.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477921/; classtype:trojan-activity;sid:82341021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.179.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477919/; classtype:trojan-activity;sid:82341019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.45.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477920/; classtype:trojan-activity;sid:82341020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.76.209.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477918/; classtype:trojan-activity;sid:82341018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.167.165.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477917/; classtype:trojan-activity;sid:82341017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477915)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.40.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477915/; classtype:trojan-activity;sid:82341015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477916)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.207.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477916/; classtype:trojan-activity;sid:82341016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.142.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477912/; classtype:trojan-activity;sid:82341012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.100.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477913/; classtype:trojan-activity;sid:82341013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.127.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477914/; classtype:trojan-activity;sid:82341014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.20.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477911/; classtype:trojan-activity;sid:82341011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.30.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477910/; classtype:trojan-activity;sid:82341010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"35.141.54.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477907/; classtype:trojan-activity;sid:82341007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.79.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477908/; classtype:trojan-activity;sid:82341008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.14.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477909/; classtype:trojan-activity;sid:82341009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.166.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477905/; classtype:trojan-activity;sid:82341005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.3.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477906/; classtype:trojan-activity;sid:82341006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.25.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477904/; classtype:trojan-activity;sid:82341004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.182.3.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477903/; classtype:trojan-activity;sid:82341003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.250.233.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477902/; classtype:trojan-activity;sid:82341002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.153.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477900/; classtype:trojan-activity;sid:82341000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.52.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477901/; classtype:trojan-activity;sid:82341001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.143.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477899/; classtype:trojan-activity;sid:82340999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.131.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477898/; classtype:trojan-activity;sid:82340998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.199.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477897/; classtype:trojan-activity;sid:82340997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.187.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477896/; classtype:trojan-activity;sid:82340996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.41.25.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477895/; classtype:trojan-activity;sid:82340995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.92.117.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477894/; classtype:trojan-activity;sid:82340994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.98.41.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477893/; classtype:trojan-activity;sid:82340993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.201.56.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477892/; classtype:trojan-activity;sid:82340992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.12.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477888/; classtype:trojan-activity;sid:82340988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.76.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477889/; classtype:trojan-activity;sid:82340989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.165.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477890/; classtype:trojan-activity;sid:82340990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.60.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477891/; classtype:trojan-activity;sid:82340991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.92.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477886/; classtype:trojan-activity;sid:82340986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477887)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.195.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477887/; classtype:trojan-activity;sid:82340987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.218.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477884/; classtype:trojan-activity;sid:82340984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.57.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477885/; classtype:trojan-activity;sid:82340985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.105.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477881/; classtype:trojan-activity;sid:82340981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.172.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477882/; classtype:trojan-activity;sid:82340982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.122.112.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477883/; classtype:trojan-activity;sid:82340983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.92.77.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477880/; classtype:trojan-activity;sid:82340980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.1.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477878/; classtype:trojan-activity;sid:82340978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.160.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477879/; classtype:trojan-activity;sid:82340979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.122.112.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477877/; classtype:trojan-activity;sid:82340977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.88.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477876/; classtype:trojan-activity;sid:82340976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.243.49.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477875/; classtype:trojan-activity;sid:82340975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.66.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477874/; classtype:trojan-activity;sid:82340974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.64.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477870/; classtype:trojan-activity;sid:82340970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.58.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477871/; classtype:trojan-activity;sid:82340971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.160.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477872/; classtype:trojan-activity;sid:82340972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.197.14.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477873/; classtype:trojan-activity;sid:82340973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.145.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477869/; classtype:trojan-activity;sid:82340969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.125.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477868/; classtype:trojan-activity;sid:82340968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.32.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477866/; classtype:trojan-activity;sid:82340966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.241.185.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477867/; classtype:trojan-activity;sid:82340967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.35.96.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477862/; classtype:trojan-activity;sid:82340962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.186.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477863/; classtype:trojan-activity;sid:82340963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.189.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477864/; classtype:trojan-activity;sid:82340964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.240.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477865/; classtype:trojan-activity;sid:82340965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.87.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477861/; classtype:trojan-activity;sid:82340961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.160.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477859/; classtype:trojan-activity;sid:82340959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.136.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477860/; classtype:trojan-activity;sid:82340960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.125.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477857/; classtype:trojan-activity;sid:82340957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.89.103.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477858/; classtype:trojan-activity;sid:82340958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.10.147.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477856/; classtype:trojan-activity;sid:82340956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.156.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477855/; classtype:trojan-activity;sid:82340955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.203.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477854/; classtype:trojan-activity;sid:82340954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.55.23.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477853/; classtype:trojan-activity;sid:82340953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.90.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477852/; classtype:trojan-activity;sid:82340952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.119.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477848/; classtype:trojan-activity;sid:82340948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.202.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477849/; classtype:trojan-activity;sid:82340949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.68.68.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477850/; classtype:trojan-activity;sid:82340950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.78.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477851/; classtype:trojan-activity;sid:82340951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.115.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477847/; classtype:trojan-activity;sid:82340947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.227.148.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477846/; classtype:trojan-activity;sid:82340946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.116.217.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477844/; classtype:trojan-activity;sid:82340944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.97.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477845/; classtype:trojan-activity;sid:82340945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.182.3.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477843/; classtype:trojan-activity;sid:82340943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.204.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477842/; classtype:trojan-activity;sid:82340942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.136.18.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477841/; classtype:trojan-activity;sid:82340941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.204.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477840/; classtype:trojan-activity;sid:82340940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.237.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477837/; classtype:trojan-activity;sid:82340937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.168.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477838/; classtype:trojan-activity;sid:82340938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477839)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.22.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477839/; classtype:trojan-activity;sid:82340939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.145.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477836/; classtype:trojan-activity;sid:82340936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.211.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477835/; classtype:trojan-activity;sid:82340935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.92.245.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477834/; classtype:trojan-activity;sid:82340934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.20.201.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477832/; classtype:trojan-activity;sid:82340932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.110.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477833/; classtype:trojan-activity;sid:82340933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.227.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477831/; classtype:trojan-activity;sid:82340931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.92.223.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477830/; classtype:trojan-activity;sid:82340930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.73.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477829/; classtype:trojan-activity;sid:82340929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.210.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477828/; classtype:trojan-activity;sid:82340928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.140.21.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477827/; classtype:trojan-activity;sid:82340927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477826)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.238.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477826/; classtype:trojan-activity;sid:82340926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477825)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.19.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477825/; classtype:trojan-activity;sid:82340925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.76.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477823/; classtype:trojan-activity;sid:82340923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.37.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477824/; classtype:trojan-activity;sid:82340924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.245.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477822/; classtype:trojan-activity;sid:82340922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477821)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.79.86.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477821/; classtype:trojan-activity;sid:82340921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.173.103.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477820/; classtype:trojan-activity;sid:82340920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.80.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477818/; classtype:trojan-activity;sid:82340918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.29.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477819/; classtype:trojan-activity;sid:82340919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.23.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477816/; classtype:trojan-activity;sid:82340916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.51.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477817/; classtype:trojan-activity;sid:82340917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.106.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477815/; classtype:trojan-activity;sid:82340915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.130.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477814/; classtype:trojan-activity;sid:82340914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.156.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477813/; classtype:trojan-activity;sid:82340913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.204.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477812/; classtype:trojan-activity;sid:82340912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.198.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477811/; classtype:trojan-activity;sid:82340911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.66.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477810/; classtype:trojan-activity;sid:82340910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.72.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477809/; classtype:trojan-activity;sid:82340909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.241.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477806/; classtype:trojan-activity;sid:82340906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.242.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477807/; classtype:trojan-activity;sid:82340907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.29.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477808/; classtype:trojan-activity;sid:82340908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.199.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477804/; classtype:trojan-activity;sid:82340904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.244.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477805/; classtype:trojan-activity;sid:82340905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.147.53.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477803/; classtype:trojan-activity;sid:82340903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.230.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477802/; classtype:trojan-activity;sid:82340902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.90.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477801/; classtype:trojan-activity;sid:82340901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477797)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.239.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477797/; classtype:trojan-activity;sid:82340897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.210.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477798/; classtype:trojan-activity;sid:82340898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.34.178.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477799/; classtype:trojan-activity;sid:82340899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.191.176.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477800/; classtype:trojan-activity;sid:82340900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.142.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477795/; classtype:trojan-activity;sid:82340895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.233.216.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477796/; classtype:trojan-activity;sid:82340896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.254.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477794/; classtype:trojan-activity;sid:82340894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.235.113.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477793/; classtype:trojan-activity;sid:82340893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.92.223.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477792/; classtype:trojan-activity;sid:82340892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.25.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477791/; classtype:trojan-activity;sid:82340891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.51.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477790/; classtype:trojan-activity;sid:82340890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.30.1.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477789/; classtype:trojan-activity;sid:82340889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.27.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477787/; classtype:trojan-activity;sid:82340887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.41.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477788/; classtype:trojan-activity;sid:82340888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.150.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477785/; classtype:trojan-activity;sid:82340885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.230.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477786/; classtype:trojan-activity;sid:82340886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.72.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477782/; classtype:trojan-activity;sid:82340882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.181.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477783/; classtype:trojan-activity;sid:82340883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.172.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477784/; classtype:trojan-activity;sid:82340884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.255.226.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477781/; classtype:trojan-activity;sid:82340881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.214.236.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477778/; classtype:trojan-activity;sid:82340878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.47.74.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477779/; classtype:trojan-activity;sid:82340879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.112.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477780/; classtype:trojan-activity;sid:82340880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.83.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477777/; classtype:trojan-activity;sid:82340877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.253.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477776/; classtype:trojan-activity;sid:82340876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.255.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477775/; classtype:trojan-activity;sid:82340875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.247.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477774/; classtype:trojan-activity;sid:82340874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.176.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477773/; classtype:trojan-activity;sid:82340873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.10.146.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477772/; classtype:trojan-activity;sid:82340872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.130.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477771/; classtype:trojan-activity;sid:82340871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.64.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477770/; classtype:trojan-activity;sid:82340870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.40.149.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477769/; classtype:trojan-activity;sid:82340869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.89.12.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477768/; classtype:trojan-activity;sid:82340868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.243.116.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477767/; classtype:trojan-activity;sid:82340867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.19.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477766/; classtype:trojan-activity;sid:82340866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.18.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477764/; classtype:trojan-activity;sid:82340864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.25.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477765/; classtype:trojan-activity;sid:82340865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.138.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477763/; classtype:trojan-activity;sid:82340863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.103.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477762/; classtype:trojan-activity;sid:82340862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.227.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477761/; classtype:trojan-activity;sid:82340861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.134.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477760/; classtype:trojan-activity;sid:82340860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.238.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477759/; classtype:trojan-activity;sid:82340859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.190.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477753/; classtype:trojan-activity;sid:82340853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.162.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477754/; classtype:trojan-activity;sid:82340854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.38.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477755/; classtype:trojan-activity;sid:82340855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.58.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477756/; classtype:trojan-activity;sid:82340856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.7.18.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477757/; classtype:trojan-activity;sid:82340857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.196.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477758/; classtype:trojan-activity;sid:82340858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.237.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477752/; classtype:trojan-activity;sid:82340852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.199.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477751/; classtype:trojan-activity;sid:82340851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.105.71.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477750/; classtype:trojan-activity;sid:82340850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.51.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477749/; classtype:trojan-activity;sid:82340849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.64.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477748/; classtype:trojan-activity;sid:82340848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.87.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477747/; classtype:trojan-activity;sid:82340847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.79.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477746/; classtype:trojan-activity;sid:82340846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.93.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477745/; classtype:trojan-activity;sid:82340845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.130.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477744/; classtype:trojan-activity;sid:82340844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.40.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477742/; classtype:trojan-activity;sid:82340842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.12.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477743/; classtype:trojan-activity;sid:82340843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.153.144.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477740/; classtype:trojan-activity;sid:82340840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.218.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477741/; classtype:trojan-activity;sid:82340841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.29.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477738/; classtype:trojan-activity;sid:82340838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.80.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477739/; classtype:trojan-activity;sid:82340839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.198.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477736/; classtype:trojan-activity;sid:82340836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.119.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477737/; classtype:trojan-activity;sid:82340837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.78.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477735/; classtype:trojan-activity;sid:82340835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.209.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477734/; classtype:trojan-activity;sid:82340834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.23.162.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477733/; classtype:trojan-activity;sid:82340833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.110.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477732/; classtype:trojan-activity;sid:82340832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.25.248.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477731/; classtype:trojan-activity;sid:82340831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.49.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477730/; classtype:trojan-activity;sid:82340830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.196.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477729/; classtype:trojan-activity;sid:82340829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.240.137.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477728/; classtype:trojan-activity;sid:82340828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.251.178.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477727/; classtype:trojan-activity;sid:82340827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.138.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477726/; classtype:trojan-activity;sid:82340826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477725)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"161.10.105.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477725/; classtype:trojan-activity;sid:82340825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.43.129.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477723/; classtype:trojan-activity;sid:82340823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.37.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477724/; classtype:trojan-activity;sid:82340824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.166.176.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477721/; classtype:trojan-activity;sid:82340821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.198.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477722/; classtype:trojan-activity;sid:82340822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.144.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477720/; classtype:trojan-activity;sid:82340820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.254.22.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477719/; classtype:trojan-activity;sid:82340819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.140.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477717/; classtype:trojan-activity;sid:82340817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.43.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477718/; classtype:trojan-activity;sid:82340818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.95.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477714/; classtype:trojan-activity;sid:82340814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.115.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477715/; classtype:trojan-activity;sid:82340815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.77.163.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477716/; classtype:trojan-activity;sid:82340816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.25.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477713/; classtype:trojan-activity;sid:82340813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.26.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477712/; classtype:trojan-activity;sid:82340812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477711/; classtype:trojan-activity;sid:82340811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.57.74.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477710/; classtype:trojan-activity;sid:82340810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.168.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477709/; classtype:trojan-activity;sid:82340809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.2.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477708/; classtype:trojan-activity;sid:82340808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.5.60.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477706/; classtype:trojan-activity;sid:82340806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.43.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477707/; classtype:trojan-activity;sid:82340807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.31.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477704/; classtype:trojan-activity;sid:82340804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.20.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477705/; classtype:trojan-activity;sid:82340805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.30.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477703/; classtype:trojan-activity;sid:82340803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.2.163.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477702/; classtype:trojan-activity;sid:82340802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.98.201.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477701/; classtype:trojan-activity;sid:82340801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.92.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477700/; classtype:trojan-activity;sid:82340800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.163.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477699/; classtype:trojan-activity;sid:82340799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.175.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477698/; classtype:trojan-activity;sid:82340798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.30.196.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477697/; classtype:trojan-activity;sid:82340797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.110.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477696/; classtype:trojan-activity;sid:82340796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.245.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477695/; classtype:trojan-activity;sid:82340795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.87.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477694/; classtype:trojan-activity;sid:82340794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.251.178.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477693/; classtype:trojan-activity;sid:82340793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.98.51.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477692/; classtype:trojan-activity;sid:82340792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.201.228.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477691/; classtype:trojan-activity;sid:82340791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.38.117.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477689/; classtype:trojan-activity;sid:82340789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.102.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477690/; classtype:trojan-activity;sid:82340790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.210.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477688/; classtype:trojan-activity;sid:82340788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.95.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477687/; classtype:trojan-activity;sid:82340787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.171.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477686/; classtype:trojan-activity;sid:82340786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.30.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477682/; classtype:trojan-activity;sid:82340782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.224.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477683/; classtype:trojan-activity;sid:82340783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.81.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477684/; classtype:trojan-activity;sid:82340784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.141.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477685/; classtype:trojan-activity;sid:82340785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.88.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477680/; classtype:trojan-activity;sid:82340780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.37.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477681/; classtype:trojan-activity;sid:82340781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.253.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477679/; classtype:trojan-activity;sid:82340779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477678)"; flow:established,from_client; content:"GET"; http_method; content:"/vendors/eve/3.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"apployal.fmf.com.fj"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477678/; classtype:trojan-activity;sid:82340778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.204.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477677/; classtype:trojan-activity;sid:82340777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.219.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477676/; classtype:trojan-activity;sid:82340776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.138.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477673/; classtype:trojan-activity;sid:82340773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.11.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477674/; classtype:trojan-activity;sid:82340774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.1.145"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477675/; classtype:trojan-activity;sid:82340775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.123.154.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477670/; classtype:trojan-activity;sid:82340770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.114.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477671/; classtype:trojan-activity;sid:82340771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477672)"; flow:established,from_client; content:"GET"; http_method; content:"/vendors/eve/2.jpg"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"apployal.fmf.com.fj"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477672/; classtype:trojan-activity;sid:82340772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.136.115.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477669/; classtype:trojan-activity;sid:82340769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.204.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477666/; classtype:trojan-activity;sid:82340766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.179.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477667/; classtype:trojan-activity;sid:82340767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.88.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477668/; classtype:trojan-activity;sid:82340768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.92.164.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477665/; classtype:trojan-activity;sid:82340765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.247.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477663/; classtype:trojan-activity;sid:82340763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.79.72.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477664/; classtype:trojan-activity;sid:82340764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.79.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477660/; classtype:trojan-activity;sid:82340760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.191.144.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477661/; classtype:trojan-activity;sid:82340761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.63.206.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477662/; classtype:trojan-activity;sid:82340762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.162.184.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477659/; classtype:trojan-activity;sid:82340759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.167.165.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477658/; classtype:trojan-activity;sid:82340758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477657)"; flow:established,from_client; content:"GET"; http_method; content:"/downloaddocument.do|3f|docid=opxqf1a2bc4746c5c4f4a8a0ab06af78bf38a|7c|26|7c|docextn=png"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"docs.zohopublic.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477657/; classtype:trojan-activity;sid:82340757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.171.192.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477656/; classtype:trojan-activity;sid:82340756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.31.166.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477655/; classtype:trojan-activity;sid:82340755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.77.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477654/; classtype:trojan-activity;sid:82340754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.199.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477653/; classtype:trojan-activity;sid:82340753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.90.10.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477652/; classtype:trojan-activity;sid:82340752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.205.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477650/; classtype:trojan-activity;sid:82340750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.73.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477651/; classtype:trojan-activity;sid:82340751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.175.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477649/; classtype:trojan-activity;sid:82340749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.126.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477648/; classtype:trojan-activity;sid:82340748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.156.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477646/; classtype:trojan-activity;sid:82340746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.54.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477647/; classtype:trojan-activity;sid:82340747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.181.66.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477645/; classtype:trojan-activity;sid:82340745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.191.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477643/; classtype:trojan-activity;sid:82340743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.44.71.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477644/; classtype:trojan-activity;sid:82340744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.34.108.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477642/; classtype:trojan-activity;sid:82340742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.115.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477641/; classtype:trojan-activity;sid:82340741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.94.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477640/; classtype:trojan-activity;sid:82340740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.60.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477639/; classtype:trojan-activity;sid:82340739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.135.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477637/; classtype:trojan-activity;sid:82340737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.175.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477638/; classtype:trojan-activity;sid:82340738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.24.21.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477635/; classtype:trojan-activity;sid:82340735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.161.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477636/; classtype:trojan-activity;sid:82340736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.247.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477634/; classtype:trojan-activity;sid:82340734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.182.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477633/; classtype:trojan-activity;sid:82340733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.123.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477632/; classtype:trojan-activity;sid:82340732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.78.116.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477631/; classtype:trojan-activity;sid:82340731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.61.67.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477630/; classtype:trojan-activity;sid:82340730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.102.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477629/; classtype:trojan-activity;sid:82340729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.9.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477627/; classtype:trojan-activity;sid:82340727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.177.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477628/; classtype:trojan-activity;sid:82340728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.192.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477626/; classtype:trojan-activity;sid:82340726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.76.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477625/; classtype:trojan-activity;sid:82340725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.212.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477622/; classtype:trojan-activity;sid:82340722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.92.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477623/; classtype:trojan-activity;sid:82340723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.3.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477624/; classtype:trojan-activity;sid:82340724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.95.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477621/; classtype:trojan-activity;sid:82340721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.230.43.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477620/; classtype:trojan-activity;sid:82340720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.106.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477618/; classtype:trojan-activity;sid:82340718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.233.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477619/; classtype:trojan-activity;sid:82340719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.172.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477616/; classtype:trojan-activity;sid:82340716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.251.49.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477617/; classtype:trojan-activity;sid:82340717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.140.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477615/; classtype:trojan-activity;sid:82340715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.78.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477614/; classtype:trojan-activity;sid:82340714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.23.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477613/; classtype:trojan-activity;sid:82340713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.172.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477612/; classtype:trojan-activity;sid:82340712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.202.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477611/; classtype:trojan-activity;sid:82340711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.168.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477610/; classtype:trojan-activity;sid:82340710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.102.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477609/; classtype:trojan-activity;sid:82340709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.0.208.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477607/; classtype:trojan-activity;sid:82340707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.179.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477608/; classtype:trojan-activity;sid:82340708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.191.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477606/; classtype:trojan-activity;sid:82340706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.52.228.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477605/; classtype:trojan-activity;sid:82340705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.86.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477604/; classtype:trojan-activity;sid:82340704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.129.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477602/; classtype:trojan-activity;sid:82340702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.201.25.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477603/; classtype:trojan-activity;sid:82340703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.184.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477601/; classtype:trojan-activity;sid:82340701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.23.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477599/; classtype:trojan-activity;sid:82340699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.186.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477600/; classtype:trojan-activity;sid:82340700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.75.142.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477598/; classtype:trojan-activity;sid:82340698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.164.131.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477597/; classtype:trojan-activity;sid:82340697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.233.122.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477596/; classtype:trojan-activity;sid:82340696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.117.203.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477595/; classtype:trojan-activity;sid:82340695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.243.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477594/; classtype:trojan-activity;sid:82340694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.219.141.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477593/; classtype:trojan-activity;sid:82340693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.168.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477592/; classtype:trojan-activity;sid:82340692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.52.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477590/; classtype:trojan-activity;sid:82340690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.74.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477591/; classtype:trojan-activity;sid:82340691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.218.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477585/; classtype:trojan-activity;sid:82340685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.137.148.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477586/; classtype:trojan-activity;sid:82340686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.216.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477587/; classtype:trojan-activity;sid:82340687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.214.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477588/; classtype:trojan-activity;sid:82340688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.207.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477589/; classtype:trojan-activity;sid:82340689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.173.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477584/; classtype:trojan-activity;sid:82340684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.117.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477581/; classtype:trojan-activity;sid:82340681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.96.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477582/; classtype:trojan-activity;sid:82340682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.65.248.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477583/; classtype:trojan-activity;sid:82340683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.190.199.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477580/; classtype:trojan-activity;sid:82340680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.47.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477577/; classtype:trojan-activity;sid:82340677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.30.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477578/; classtype:trojan-activity;sid:82340678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.37.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477579/; classtype:trojan-activity;sid:82340679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.75.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477575/; classtype:trojan-activity;sid:82340675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.13.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477576/; classtype:trojan-activity;sid:82340676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.83.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477574/; classtype:trojan-activity;sid:82340674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.199.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477573/; classtype:trojan-activity;sid:82340673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.197.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477572/; classtype:trojan-activity;sid:82340672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.209.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477571/; classtype:trojan-activity;sid:82340671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477570)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.38.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477570/; classtype:trojan-activity;sid:82340670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.78.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477569/; classtype:trojan-activity;sid:82340669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.174.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477568/; classtype:trojan-activity;sid:82340668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477566)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.129.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477566/; classtype:trojan-activity;sid:82340666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.179.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477567/; classtype:trojan-activity;sid:82340667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.90.246.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477565/; classtype:trojan-activity;sid:82340665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.20.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477564/; classtype:trojan-activity;sid:82340664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.8.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477563/; classtype:trojan-activity;sid:82340663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.240.126.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477561/; classtype:trojan-activity;sid:82340661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.26.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477562/; classtype:trojan-activity;sid:82340662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477560/; classtype:trojan-activity;sid:82340660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.210.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477558/; classtype:trojan-activity;sid:82340658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.25.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477559/; classtype:trojan-activity;sid:82340659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.41.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477556/; classtype:trojan-activity;sid:82340656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.17.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477557/; classtype:trojan-activity;sid:82340657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.7.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477555/; classtype:trojan-activity;sid:82340655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.11.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477553/; classtype:trojan-activity;sid:82340653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.90.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477554/; classtype:trojan-activity;sid:82340654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.123.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477552/; classtype:trojan-activity;sid:82340652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.86.235.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477551/; classtype:trojan-activity;sid:82340651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.35.168.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477549/; classtype:trojan-activity;sid:82340649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.118.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477550/; classtype:trojan-activity;sid:82340650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.34.178.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477548/; classtype:trojan-activity;sid:82340648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.73.70.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477547/; classtype:trojan-activity;sid:82340647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.211.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477546/; classtype:trojan-activity;sid:82340646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.255.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477544/; classtype:trojan-activity;sid:82340644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.5.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477545/; classtype:trojan-activity;sid:82340645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.21.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477543/; classtype:trojan-activity;sid:82340643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.238.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477541/; classtype:trojan-activity;sid:82340641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.167.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477542/; classtype:trojan-activity;sid:82340642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.116.111.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477540/; classtype:trojan-activity;sid:82340640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.66.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477539/; classtype:trojan-activity;sid:82340639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.2.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477538/; classtype:trojan-activity;sid:82340638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.73.245.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477537/; classtype:trojan-activity;sid:82340637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.244.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477535/; classtype:trojan-activity;sid:82340635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.123.162.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477536/; classtype:trojan-activity;sid:82340636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.236.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477534/; classtype:trojan-activity;sid:82340634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.139.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477533/; classtype:trojan-activity;sid:82340633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.255.179.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477531/; classtype:trojan-activity;sid:82340631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.138.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477532/; classtype:trojan-activity;sid:82340632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.184.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477530/; classtype:trojan-activity;sid:82340630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.44.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477529/; classtype:trojan-activity;sid:82340629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.108.101.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477528/; classtype:trojan-activity;sid:82340628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.249.24.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477527/; classtype:trojan-activity;sid:82340627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.51.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477526/; classtype:trojan-activity;sid:82340626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.196.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477525/; classtype:trojan-activity;sid:82340625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.2.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477524/; classtype:trojan-activity;sid:82340624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.71.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477523/; classtype:trojan-activity;sid:82340623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.101.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477522/; classtype:trojan-activity;sid:82340622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.99.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477521/; classtype:trojan-activity;sid:82340621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.17.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477520/; classtype:trojan-activity;sid:82340620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.135.85.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477519/; classtype:trojan-activity;sid:82340619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.33.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477518/; classtype:trojan-activity;sid:82340618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.251.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477517/; classtype:trojan-activity;sid:82340617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.119.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477514/; classtype:trojan-activity;sid:82340614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.201.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477515/; classtype:trojan-activity;sid:82340615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.3.214.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477516/; classtype:trojan-activity;sid:82340616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.89.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477512/; classtype:trojan-activity;sid:82340612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.89.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477513/; classtype:trojan-activity;sid:82340613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.45.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477511/; classtype:trojan-activity;sid:82340611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.10.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477510/; classtype:trojan-activity;sid:82340610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.136.87.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477509/; classtype:trojan-activity;sid:82340609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.112.246.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477508/; classtype:trojan-activity;sid:82340608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.194.130.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477507/; classtype:trojan-activity;sid:82340607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.188.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477506/; classtype:trojan-activity;sid:82340606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.41.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477505/; classtype:trojan-activity;sid:82340605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.185.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477504/; classtype:trojan-activity;sid:82340604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.116.32.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477503/; classtype:trojan-activity;sid:82340603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.161.60.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477502/; classtype:trojan-activity;sid:82340602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.19.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477501/; classtype:trojan-activity;sid:82340601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.26.219.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477500/; classtype:trojan-activity;sid:82340600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.172.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477499/; classtype:trojan-activity;sid:82340599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.177.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477498/; classtype:trojan-activity;sid:82340598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.92.204.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477497/; classtype:trojan-activity;sid:82340597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.207.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477495/; classtype:trojan-activity;sid:82340595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.80.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477496/; classtype:trojan-activity;sid:82340596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.255.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477494/; classtype:trojan-activity;sid:82340594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.11.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477493/; classtype:trojan-activity;sid:82340593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.45.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477492/; classtype:trojan-activity;sid:82340592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.255.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477491/; classtype:trojan-activity;sid:82340591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.101.63.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477489/; classtype:trojan-activity;sid:82340589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.54.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477490/; classtype:trojan-activity;sid:82340590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.170.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477488/; classtype:trojan-activity;sid:82340588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.90.30.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477487/; classtype:trojan-activity;sid:82340587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477485)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.51.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477485/; classtype:trojan-activity;sid:82340585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477486)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.248.192.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477486/; classtype:trojan-activity;sid:82340586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.79.4.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477483/; classtype:trojan-activity;sid:82340583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.87.90.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477484/; classtype:trojan-activity;sid:82340584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.193.132.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477482/; classtype:trojan-activity;sid:82340582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.233.64.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477481/; classtype:trojan-activity;sid:82340581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.171.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477480/; classtype:trojan-activity;sid:82340580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.116.150.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477479/; classtype:trojan-activity;sid:82340579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.160.61.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477477/; classtype:trojan-activity;sid:82340577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.35.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477478/; classtype:trojan-activity;sid:82340578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.197.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477476/; classtype:trojan-activity;sid:82340576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.137.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477475/; classtype:trojan-activity;sid:82340575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477473)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.80.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477473/; classtype:trojan-activity;sid:82340573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.57.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477474/; classtype:trojan-activity;sid:82340574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477472)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.227.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477472/; classtype:trojan-activity;sid:82340572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477471/; classtype:trojan-activity;sid:82340571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.32.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477470/; classtype:trojan-activity;sid:82340570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.129.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477469/; classtype:trojan-activity;sid:82340569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477466)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.43.45.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477466/; classtype:trojan-activity;sid:82340566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.238.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477467/; classtype:trojan-activity;sid:82340567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.42.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477468/; classtype:trojan-activity;sid:82340568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.51.152.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477465/; classtype:trojan-activity;sid:82340565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.44.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477463/; classtype:trojan-activity;sid:82340563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.118.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477464/; classtype:trojan-activity;sid:82340564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.202.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477462/; classtype:trojan-activity;sid:82340562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477461)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.130.0.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477461/; classtype:trojan-activity;sid:82340561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.97.136.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477460/; classtype:trojan-activity;sid:82340560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.211.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477459/; classtype:trojan-activity;sid:82340559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.72.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477458/; classtype:trojan-activity;sid:82340558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.187.251.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477457/; classtype:trojan-activity;sid:82340557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.185.1.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477456/; classtype:trojan-activity;sid:82340556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.254.3.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477455/; classtype:trojan-activity;sid:82340555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.191.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477454/; classtype:trojan-activity;sid:82340554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.74.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477450/; classtype:trojan-activity;sid:82340550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.140.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477451/; classtype:trojan-activity;sid:82340551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.231.209.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477452/; classtype:trojan-activity;sid:82340552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.73.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477453/; classtype:trojan-activity;sid:82340553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.235.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477449/; classtype:trojan-activity;sid:82340549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.175.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477447/; classtype:trojan-activity;sid:82340547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.178.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477448/; classtype:trojan-activity;sid:82340548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.86.146.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477445/; classtype:trojan-activity;sid:82340545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477446)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.194.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477446/; classtype:trojan-activity;sid:82340546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477443)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.53.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477443/; classtype:trojan-activity;sid:82340543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477444)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.100.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477444/; classtype:trojan-activity;sid:82340544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477442)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.198.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477442/; classtype:trojan-activity;sid:82340542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.199.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477440/; classtype:trojan-activity;sid:82340540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.3.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477441/; classtype:trojan-activity;sid:82340541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.29.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477439/; classtype:trojan-activity;sid:82340539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477438)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.16.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477438/; classtype:trojan-activity;sid:82340538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.171.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477436/; classtype:trojan-activity;sid:82340536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.11.127.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477437/; classtype:trojan-activity;sid:82340537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477435)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.184.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477435/; classtype:trojan-activity;sid:82340535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.159.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477434/; classtype:trojan-activity;sid:82340534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.126.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477433/; classtype:trojan-activity;sid:82340533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477431)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.101.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477431/; classtype:trojan-activity;sid:82340531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.153.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477432/; classtype:trojan-activity;sid:82340532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.72.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477430/; classtype:trojan-activity;sid:82340530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.79.210.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477428/; classtype:trojan-activity;sid:82340528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477429)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.87.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477429/; classtype:trojan-activity;sid:82340529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477427)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.167.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477427/; classtype:trojan-activity;sid:82340527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.103.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477426/; classtype:trojan-activity;sid:82340526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.32.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477425/; classtype:trojan-activity;sid:82340525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.67.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477424/; classtype:trojan-activity;sid:82340524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.26.43.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477423/; classtype:trojan-activity;sid:82340523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.104.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477421/; classtype:trojan-activity;sid:82340521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.113.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477422/; classtype:trojan-activity;sid:82340522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.72.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477419/; classtype:trojan-activity;sid:82340519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.208.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477420/; classtype:trojan-activity;sid:82340520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.159.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477418/; classtype:trojan-activity;sid:82340518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.94.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477416/; classtype:trojan-activity;sid:82340516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.171.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477417/; classtype:trojan-activity;sid:82340517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.185.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477414/; classtype:trojan-activity;sid:82340514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.96.113.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477415/; classtype:trojan-activity;sid:82340515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.172.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477413/; classtype:trojan-activity;sid:82340513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.141.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477412/; classtype:trojan-activity;sid:82340512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.22.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477411/; classtype:trojan-activity;sid:82340511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.93.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477410/; classtype:trojan-activity;sid:82340510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.88.157.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477409/; classtype:trojan-activity;sid:82340509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.9.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477408/; classtype:trojan-activity;sid:82340508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.3.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477407/; classtype:trojan-activity;sid:82340507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.87.225.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477406/; classtype:trojan-activity;sid:82340506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.173.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477404/; classtype:trojan-activity;sid:82340504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.211.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477405/; classtype:trojan-activity;sid:82340505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.108.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477402/; classtype:trojan-activity;sid:82340502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.231.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477403/; classtype:trojan-activity;sid:82340503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.14.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477401/; classtype:trojan-activity;sid:82340501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.245.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477399/; classtype:trojan-activity;sid:82340499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.235.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477400/; classtype:trojan-activity;sid:82340500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.59.115.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477398/; classtype:trojan-activity;sid:82340498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477397)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477397/; classtype:trojan-activity;sid:82340497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477395)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.58.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477395/; classtype:trojan-activity;sid:82340495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.253.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477396/; classtype:trojan-activity;sid:82340496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.255.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477394/; classtype:trojan-activity;sid:82340494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477393)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.58.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477393/; classtype:trojan-activity;sid:82340493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.238.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477391/; classtype:trojan-activity;sid:82340491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.37.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477392/; classtype:trojan-activity;sid:82340492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477390)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.46.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477390/; classtype:trojan-activity;sid:82340490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.236.134.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477389/; classtype:trojan-activity;sid:82340489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477387)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.174.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477387/; classtype:trojan-activity;sid:82340487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.125.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477388/; classtype:trojan-activity;sid:82340488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.169.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477386/; classtype:trojan-activity;sid:82340486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477385)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.30.120.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477385/; classtype:trojan-activity;sid:82340485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.173.52.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477384/; classtype:trojan-activity;sid:82340484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.247.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477383/; classtype:trojan-activity;sid:82340483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.20.3.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477382/; classtype:trojan-activity;sid:82340482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.132.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477381/; classtype:trojan-activity;sid:82340481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.175.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477380/; classtype:trojan-activity;sid:82340480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.9.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477379/; classtype:trojan-activity;sid:82340479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.128.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477378/; classtype:trojan-activity;sid:82340478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.2.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477377/; classtype:trojan-activity;sid:82340477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.199.144.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477374/; classtype:trojan-activity;sid:82340474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.91.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477375/; classtype:trojan-activity;sid:82340475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.147.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477376/; classtype:trojan-activity;sid:82340476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477372)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.153.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477372/; classtype:trojan-activity;sid:82340472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.53.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477373/; classtype:trojan-activity;sid:82340473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477371)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.80.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477371/; classtype:trojan-activity;sid:82340471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.146.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477369/; classtype:trojan-activity;sid:82340469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.50.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477370/; classtype:trojan-activity;sid:82340470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.86.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477367/; classtype:trojan-activity;sid:82340467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.84.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477368/; classtype:trojan-activity;sid:82340468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.167.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477366/; classtype:trojan-activity;sid:82340466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.98.228.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477365/; classtype:trojan-activity;sid:82340465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.65.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477364/; classtype:trojan-activity;sid:82340464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.18.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477363/; classtype:trojan-activity;sid:82340463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.223.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477362/; classtype:trojan-activity;sid:82340462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.157.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477361/; classtype:trojan-activity;sid:82340461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.20.5.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477360/; classtype:trojan-activity;sid:82340460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.96.4.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477359/; classtype:trojan-activity;sid:82340459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.101.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477358/; classtype:trojan-activity;sid:82340458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.185.1.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477357/; classtype:trojan-activity;sid:82340457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.245.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477356/; classtype:trojan-activity;sid:82340456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477355)"; flow:established,from_client; content:"GET"; http_method; content:"/askinstall40.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.szwbjs.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477355/; classtype:trojan-activity;sid:82340455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477354)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.47.143.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477354/; classtype:trojan-activity;sid:82340454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477353)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.25.124.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477353/; classtype:trojan-activity;sid:82340453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.160.61.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477352/; classtype:trojan-activity;sid:82340452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.0.135.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477351/; classtype:trojan-activity;sid:82340451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.208.145.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477350/; classtype:trojan-activity;sid:82340450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.47.142.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477347/; classtype:trojan-activity;sid:82340447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.64.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477348/; classtype:trojan-activity;sid:82340448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477349)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.111.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477349/; classtype:trojan-activity;sid:82340449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.204.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477346/; classtype:trojan-activity;sid:82340446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.77.191.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477345/; classtype:trojan-activity;sid:82340445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.23.252.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477344/; classtype:trojan-activity;sid:82340444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.90.238.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477343/; classtype:trojan-activity;sid:82340443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.49.7.129"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477342/; classtype:trojan-activity;sid:82340442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.25.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477341/; classtype:trojan-activity;sid:82340441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.70.1.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477339/; classtype:trojan-activity;sid:82340439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.160.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477340/; classtype:trojan-activity;sid:82340440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.132.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477338/; classtype:trojan-activity;sid:82340438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.85.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477335/; classtype:trojan-activity;sid:82340435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.83.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477336/; classtype:trojan-activity;sid:82340436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.126.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477337/; classtype:trojan-activity;sid:82340437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477334)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.251.36.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477334/; classtype:trojan-activity;sid:82340434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.37.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477331/; classtype:trojan-activity;sid:82340431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477332)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.210.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477332/; classtype:trojan-activity;sid:82340432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477333)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.67.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477333/; classtype:trojan-activity;sid:82340433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477330)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.124.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477330/; classtype:trojan-activity;sid:82340430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.222.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477328/; classtype:trojan-activity;sid:82340428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.16.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477329/; classtype:trojan-activity;sid:82340429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.133.168.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477325/; classtype:trojan-activity;sid:82340425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.196.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477326/; classtype:trojan-activity;sid:82340426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.182.78.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477327/; classtype:trojan-activity;sid:82340427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.164.139.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477323/; classtype:trojan-activity;sid:82340423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.229.54.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477324/; classtype:trojan-activity;sid:82340424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.164.137.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477321/; classtype:trojan-activity;sid:82340421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.89.59.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477322/; classtype:trojan-activity;sid:82340422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.53.216.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477320/; classtype:trojan-activity;sid:82340420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.36.56.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477318/; classtype:trojan-activity;sid:82340418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.207.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477319/; classtype:trojan-activity;sid:82340419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.177.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477317/; classtype:trojan-activity;sid:82340417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.58.249.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477316/; classtype:trojan-activity;sid:82340416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.11.187.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477315/; classtype:trojan-activity;sid:82340415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.246.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477314/; classtype:trojan-activity;sid:82340414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.196.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477312/; classtype:trojan-activity;sid:82340412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.181.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477313/; classtype:trojan-activity;sid:82340413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.41.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477311/; classtype:trojan-activity;sid:82340411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.5.63.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477310/; classtype:trojan-activity;sid:82340410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.83.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477307/; classtype:trojan-activity;sid:82340407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.109.199.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477308/; classtype:trojan-activity;sid:82340408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.132.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477309/; classtype:trojan-activity;sid:82340409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.181.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477306/; classtype:trojan-activity;sid:82340406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.117.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477305/; classtype:trojan-activity;sid:82340405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.71.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477304/; classtype:trojan-activity;sid:82340404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.74.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477303/; classtype:trojan-activity;sid:82340403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.42.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477302/; classtype:trojan-activity;sid:82340402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.193.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477301/; classtype:trojan-activity;sid:82340401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.242.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477300/; classtype:trojan-activity;sid:82340400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.71.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477298/; classtype:trojan-activity;sid:82340398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.184.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477299/; classtype:trojan-activity;sid:82340399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.139.29.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477297/; classtype:trojan-activity;sid:82340397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.125.134.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477296/; classtype:trojan-activity;sid:82340396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.254.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477295/; classtype:trojan-activity;sid:82340395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.175.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477294/; classtype:trojan-activity;sid:82340394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.87.184.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477293/; classtype:trojan-activity;sid:82340393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.142.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477292/; classtype:trojan-activity;sid:82340392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.90.176.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477291/; classtype:trojan-activity;sid:82340391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.97.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477290/; classtype:trojan-activity;sid:82340390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.83.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477289/; classtype:trojan-activity;sid:82340389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.109.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477288/; classtype:trojan-activity;sid:82340388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.203.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477287/; classtype:trojan-activity;sid:82340387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.141.124.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477285/; classtype:trojan-activity;sid:82340385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.171.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477286/; classtype:trojan-activity;sid:82340386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.115.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477283/; classtype:trojan-activity;sid:82340383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.78.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477284/; classtype:trojan-activity;sid:82340384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.153.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477282/; classtype:trojan-activity;sid:82340382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.209.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477281/; classtype:trojan-activity;sid:82340381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.240.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477280/; classtype:trojan-activity;sid:82340380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.49.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477278/; classtype:trojan-activity;sid:82340378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.45.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477279/; classtype:trojan-activity;sid:82340379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.38.68.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477276/; classtype:trojan-activity;sid:82340376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.246.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477277/; classtype:trojan-activity;sid:82340377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.75.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477275/; classtype:trojan-activity;sid:82340375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477273)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.210.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477273/; classtype:trojan-activity;sid:82340373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.49.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477274/; classtype:trojan-activity;sid:82340374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.210.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477272/; classtype:trojan-activity;sid:82340372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477270)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.45.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477270/; classtype:trojan-activity;sid:82340370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.77.138.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477271/; classtype:trojan-activity;sid:82340371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.190.255.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477268/; classtype:trojan-activity;sid:82340368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.170.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477269/; classtype:trojan-activity;sid:82340369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.1.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477267/; classtype:trojan-activity;sid:82340367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.87.200.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477266/; classtype:trojan-activity;sid:82340366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.133.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477265/; classtype:trojan-activity;sid:82340365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.102.130.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477264/; classtype:trojan-activity;sid:82340364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.39.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477263/; classtype:trojan-activity;sid:82340363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.109.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477262/; classtype:trojan-activity;sid:82340362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.201.204.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477260/; classtype:trojan-activity;sid:82340360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.102.125.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477261/; classtype:trojan-activity;sid:82340361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.47.121.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477259/; classtype:trojan-activity;sid:82340359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.219.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477257/; classtype:trojan-activity;sid:82340357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.197.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477258/; classtype:trojan-activity;sid:82340358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.75.8.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477256/; classtype:trojan-activity;sid:82340356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.226.25.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477254/; classtype:trojan-activity;sid:82340354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.196.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477255/; classtype:trojan-activity;sid:82340355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.185.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477253/; classtype:trojan-activity;sid:82340353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.181.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477249/; classtype:trojan-activity;sid:82340349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.40.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477250/; classtype:trojan-activity;sid:82340350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.98.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477251/; classtype:trojan-activity;sid:82340351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.135.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477252/; classtype:trojan-activity;sid:82340352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.206.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477247/; classtype:trojan-activity;sid:82340347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.62.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477248/; classtype:trojan-activity;sid:82340348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.195.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477246/; classtype:trojan-activity;sid:82340346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.129.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477245/; classtype:trojan-activity;sid:82340345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.216.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477244/; classtype:trojan-activity;sid:82340344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.18.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477243/; classtype:trojan-activity;sid:82340343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.117.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477242/; classtype:trojan-activity;sid:82340342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.89.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477241/; classtype:trojan-activity;sid:82340341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477239)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.145.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477239/; classtype:trojan-activity;sid:82340339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.67.75.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477240/; classtype:trojan-activity;sid:82340340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477238)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.55.171.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_07_24; reference:url, urlhaus.abuse.ch/url/1477238/; classtype:trojan-activity;sid:82340338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1477237)"; flow:established,from_client; content:"GET";