################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2021-05-10 17:49:18 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.161.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217397/; classtype:trojan-activity;sid:82080497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.7.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217396/; classtype:trojan-activity;sid:82080496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217395)"; flow:established,from_client; content:"GET"; http_method; content:"/dgsos/hppvery/xah0hecvhbhnn1wk5c1legmnqweefxu3tbwewacs/zuz2|3f|time=smx0i8sp|7c|26|7c|=bombw1egan3ykyppie0lxvzvyixgws|7c|26|7c|=kd5hanf9uoyixxa|7c|26|7c|eqjkegy5=rlydjasomugoc0|7c|26|7c|q=8uw7z5ltnxbogqd0db82byq0pziw|7c|26|7c|xfqdo2rsjj=xrkryfwm1w8u2k2|7c|26|7c|4elnlnrky=l2awxu9d|7c|26|7c|q=fopccgsxr1uiipzbhuea0yztxepjtp|7c|26|7c|cid=i0btt6cd9vekcyj9f6e22tuunxc7|7c|26|7c|time=zvybhphkm"; http_uri; depth:389; isdataat:!1,relative; nocase; content:"policearellanoz.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217395/; classtype:trojan-activity;sid:82080495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.246.222.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217394/; classtype:trojan-activity;sid:82080494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.90.245.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217393/; classtype:trojan-activity;sid:82080493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.40.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217391/; classtype:trojan-activity;sid:82080491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.16.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217390/; classtype:trojan-activity;sid:82080490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.123.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217389/; classtype:trojan-activity;sid:82080489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217387)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.183.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217387/; classtype:trojan-activity;sid:82080487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.13.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217388/; classtype:trojan-activity;sid:82080488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.78.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217386/; classtype:trojan-activity;sid:82080486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.6.156"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217385/; classtype:trojan-activity;sid:82080485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.135.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217383/; classtype:trojan-activity;sid:82080483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.171.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217384/; classtype:trojan-activity;sid:82080484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217380)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.65.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217380/; classtype:trojan-activity;sid:82080480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.255.236.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217381/; classtype:trojan-activity;sid:82080481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.13.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217382/; classtype:trojan-activity;sid:82080482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.250.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217379/; classtype:trojan-activity;sid:82080479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.203.129.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217378/; classtype:trojan-activity;sid:82080478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.123.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217375/; classtype:trojan-activity;sid:82080475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217376/; classtype:trojan-activity;sid:82080476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.68.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217377/; classtype:trojan-activity;sid:82080477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.59.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217373/; classtype:trojan-activity;sid:82080473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.64.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217374/; classtype:trojan-activity;sid:82080474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217371)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.95.21.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217371/; classtype:trojan-activity;sid:82080471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217372)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.69.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217372/; classtype:trojan-activity;sid:82080472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.77.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217370/; classtype:trojan-activity;sid:82080470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.103.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217369/; classtype:trojan-activity;sid:82080469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.131.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217368/; classtype:trojan-activity;sid:82080468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.242.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217366/; classtype:trojan-activity;sid:82080466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.123.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217367/; classtype:trojan-activity;sid:82080467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.136.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217364/; classtype:trojan-activity;sid:82080464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.110.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217365/; classtype:trojan-activity;sid:82080465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.200.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217362/; classtype:trojan-activity;sid:82080462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.248.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217363/; classtype:trojan-activity;sid:82080463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.202.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217360/; classtype:trojan-activity;sid:82080460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.66.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217361/; classtype:trojan-activity;sid:82080461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.10.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217358/; classtype:trojan-activity;sid:82080458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.169.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217359/; classtype:trojan-activity;sid:82080459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.236.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217357/; classtype:trojan-activity;sid:82080457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.62.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217355/; classtype:trojan-activity;sid:82080455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217356)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.61.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217356/; classtype:trojan-activity;sid:82080456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217353)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.194.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217353/; classtype:trojan-activity;sid:82080453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.77.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217354/; classtype:trojan-activity;sid:82080454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.214.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217351/; classtype:trojan-activity;sid:82080451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217352)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.196.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217352/; classtype:trojan-activity;sid:82080452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.224.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217350/; classtype:trojan-activity;sid:82080450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.113.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217349/; classtype:trojan-activity;sid:82080449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.111.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217348/; classtype:trojan-activity;sid:82080448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.31.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217347/; classtype:trojan-activity;sid:82080447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217346)"; flow:established,from_client; content:"GET"; http_method; content:"/d6dcrqejgd00os.php"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"s3solutions.ae"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217346/; classtype:trojan-activity;sid:82080446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217343)"; flow:established,from_client; content:"GET"; http_method; content:"/cdn-cgi/scripts/5c5dd728/cloudflare-static/frfn29hquueudn.php"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"unitopinternational.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217343/; classtype:trojan-activity;sid:82080443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217341)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/litespeed-cache/src/cdn/0rek020ky.php"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"meskot.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217341/; classtype:trojan-activity;sid:82080441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.7.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217340/; classtype:trojan-activity;sid:82080440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.91.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217339/; classtype:trojan-activity;sid:82080439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.31.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217338/; classtype:trojan-activity;sid:82080438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.186.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217337/; classtype:trojan-activity;sid:82080437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217336)"; flow:established,from_client; content:"GET"; http_method; content:"/dgsos/hfuzxsegsxjtpxt9eh4r/cxktgcnwoc/kwovz7xsj92uuo9zgpec8q6ktj7p1i/7lthir057h2iilsae5zu2aftsioa0g7yh3vvncpat/ptk8e0ei4jnlup9sdnwtx/vbqg271pazs1b9jfo6yieojsji7fdpk/70545/ccxxaiqobbxq8r1zfvaqu86fpkz2prqtq/qcokhdpdktioouzevykmkiobhbo9u7ufg/wn7zcbxvta2akxktubegfkgjlrgbijlw0/zuz4|3f|cid=p3w0k2y9mzpvrru2adae|7c|26|7c|g3k=zx|7c|26|7c|search=v0r|7c|26|7c|q=ukqyg8ntxwhxtfavq9giyzmg5l|7c|26|7c|=qikftzxfp8tvwo7ahoacyl"; http_uri; depth:413; isdataat:!1,relative; nocase; content:"cunninghamretailz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217336/; classtype:trojan-activity;sid:82080436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.239.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217335/; classtype:trojan-activity;sid:82080435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.94.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217334/; classtype:trojan-activity;sid:82080434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217332)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.209.60.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217332/; classtype:trojan-activity;sid:82080432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.124.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217331/; classtype:trojan-activity;sid:82080431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217330)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.174.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217330/; classtype:trojan-activity;sid:82080430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.85.226.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217329/; classtype:trojan-activity;sid:82080429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.26.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217328/; classtype:trojan-activity;sid:82080428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.64.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217327/; classtype:trojan-activity;sid:82080427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.123.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217326/; classtype:trojan-activity;sid:82080426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.58.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217325/; classtype:trojan-activity;sid:82080425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.160.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217324/; classtype:trojan-activity;sid:82080424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.9.228.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217323/; classtype:trojan-activity;sid:82080423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.127.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217322/; classtype:trojan-activity;sid:82080422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.87.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217321/; classtype:trojan-activity;sid:82080421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.2.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217320/; classtype:trojan-activity;sid:82080420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.16.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217319/; classtype:trojan-activity;sid:82080419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.228.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217317/; classtype:trojan-activity;sid:82080417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.137.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217318/; classtype:trojan-activity;sid:82080418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.119.183.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217313/; classtype:trojan-activity;sid:82080413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.207.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217314/; classtype:trojan-activity;sid:82080414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.168.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217315/; classtype:trojan-activity;sid:82080415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.79.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217316/; classtype:trojan-activity;sid:82080416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.255.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217312/; classtype:trojan-activity;sid:82080412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.130.11.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217311/; classtype:trojan-activity;sid:82080411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.62.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217310/; classtype:trojan-activity;sid:82080410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.14.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217308/; classtype:trojan-activity;sid:82080408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.166.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217307/; classtype:trojan-activity;sid:82080407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.178.92.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217305/; classtype:trojan-activity;sid:82080405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.182.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217306/; classtype:trojan-activity;sid:82080406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.8.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217304/; classtype:trojan-activity;sid:82080404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.172.176.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217303/; classtype:trojan-activity;sid:82080403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.20.3.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217302/; classtype:trojan-activity;sid:82080402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.42.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217301/; classtype:trojan-activity;sid:82080401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.208.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217300/; classtype:trojan-activity;sid:82080400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.9.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217298/; classtype:trojan-activity;sid:82080398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.201.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217294/; classtype:trojan-activity;sid:82080394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.95.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217292/; classtype:trojan-activity;sid:82080392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.138.109.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217293/; classtype:trojan-activity;sid:82080393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.18.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217286/; classtype:trojan-activity;sid:82080386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.53.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217284/; classtype:trojan-activity;sid:82080384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.83.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217285/; classtype:trojan-activity;sid:82080385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.242.188.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217283/; classtype:trojan-activity;sid:82080383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.114.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217282/; classtype:trojan-activity;sid:82080382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.113.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217281/; classtype:trojan-activity;sid:82080381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.165.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217280/; classtype:trojan-activity;sid:82080380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.193.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217279/; classtype:trojan-activity;sid:82080379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217278)"; flow:established,from_client; content:"GET"; http_method; content:"/9xmzaep6ph"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"araitrade.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217278/; classtype:trojan-activity;sid:82080378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.24.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217277/; classtype:trojan-activity;sid:82080377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.172.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217275/; classtype:trojan-activity;sid:82080375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.245.216.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217276/; classtype:trojan-activity;sid:82080376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.42.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217274/; classtype:trojan-activity;sid:82080374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.22.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217271/; classtype:trojan-activity;sid:82080371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.121.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217272/; classtype:trojan-activity;sid:82080372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217270)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.186.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217270/; classtype:trojan-activity;sid:82080370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.48.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217269/; classtype:trojan-activity;sid:82080369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.208.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217268/; classtype:trojan-activity;sid:82080368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.22.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217267/; classtype:trojan-activity;sid:82080367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.66.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217266/; classtype:trojan-activity;sid:82080366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.118.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217265/; classtype:trojan-activity;sid:82080365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.253.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217262/; classtype:trojan-activity;sid:82080362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.110.194.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217263/; classtype:trojan-activity;sid:82080363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.77.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217264/; classtype:trojan-activity;sid:82080364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.200.84.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217261/; classtype:trojan-activity;sid:82080361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.230.86.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217260/; classtype:trojan-activity;sid:82080360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.51.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217258/; classtype:trojan-activity;sid:82080358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.66.78.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217259/; classtype:trojan-activity;sid:82080359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.119.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217257/; classtype:trojan-activity;sid:82080357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.4.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217250/; classtype:trojan-activity;sid:82080350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.209.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217249/; classtype:trojan-activity;sid:82080349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.91.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217248/; classtype:trojan-activity;sid:82080348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.163.127.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217247/; classtype:trojan-activity;sid:82080347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.45.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217246/; classtype:trojan-activity;sid:82080346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.228.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217244/; classtype:trojan-activity;sid:82080344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.42.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217242/; classtype:trojan-activity;sid:82080342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217241)"; flow:established,from_client; content:"GET"; http_method; content:"/vendor/rvsitebuilder/core/fonts/vendor/od8pteppjmagxhz.php"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"espgamerica.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217241/; classtype:trojan-activity;sid:82080341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217238)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=243163e4a01a4370|7c|26|7c|resid=243163e4a01a4370%21123|7c|26|7c|authkey=aojvgrlliefqxhg"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217238/; classtype:trojan-activity;sid:82080338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217234)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=5fdf10bd012736af|7c|26|7c|resid=5fdf10bd012736af%21111|7c|26|7c|authkey=akpdbdu9g6liogm"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217234/; classtype:trojan-activity;sid:82080334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217235)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=243163e4a01a4370|7c|26|7c|resid=243163e4a01a4370%21126|7c|26|7c|authkey=aljlnhsve0ermr0"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217235/; classtype:trojan-activity;sid:82080335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217232)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=9dcc1faed44dc512|7c|26|7c|resid=9dcc1faed44dc512%21111|7c|26|7c|authkey=ab1fexkjccbzh6o"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217232/; classtype:trojan-activity;sid:82080332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217230)"; flow:established,from_client; content:"GET"; http_method; content:"/bower_components/ckeditor/plugins/tableselection/styles/5kerh5gj"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"attendance.ehazira.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217230/; classtype:trojan-activity;sid:82080330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217224)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=167840c079973289|7c|26|7c|resid=167840c079973289%21116|7c|26|7c|authkey=afoiu0tt3l6het0"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217224/; classtype:trojan-activity;sid:82080324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217225)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=5f1bf1afe0b86272|7c|26|7c|resid=5f1bf1afe0b86272%21128|7c|26|7c|authkey=agu97yggqedapxy"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217225/; classtype:trojan-activity;sid:82080325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217226)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=4e514918bd4d2641|7c|26|7c|resid=4e514918bd4d2641%21119|7c|26|7c|authkey=aaonottwsatvsly"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217226/; classtype:trojan-activity;sid:82080326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217227)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=ccee28028fb5df7f|7c|26|7c|resid=ccee28028fb5df7f%21114|7c|26|7c|authkey=airmbevo7ycq-sq"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217227/; classtype:trojan-activity;sid:82080327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217228)"; flow:established,from_client; content:"GET"; http_method; content:"/xkjfx6qv.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"beta.hairshow.pt"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217228/; classtype:trojan-activity;sid:82080328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.94.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217223/; classtype:trojan-activity;sid:82080323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.232.100.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217221/; classtype:trojan-activity;sid:82080321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.162.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217222/; classtype:trojan-activity;sid:82080322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.72.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217220/; classtype:trojan-activity;sid:82080320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217219)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.10.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217219/; classtype:trojan-activity;sid:82080319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.220.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217218/; classtype:trojan-activity;sid:82080318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.149.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217217/; classtype:trojan-activity;sid:82080317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.94.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217216/; classtype:trojan-activity;sid:82080316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.74.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217215/; classtype:trojan-activity;sid:82080315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.44.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217214/; classtype:trojan-activity;sid:82080314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.9.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217213/; classtype:trojan-activity;sid:82080313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.201.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217211/; classtype:trojan-activity;sid:82080311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.52.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217212/; classtype:trojan-activity;sid:82080312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.171.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217210/; classtype:trojan-activity;sid:82080310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.104.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217208/; classtype:trojan-activity;sid:82080308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.7.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217209/; classtype:trojan-activity;sid:82080309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.116.35.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217206/; classtype:trojan-activity;sid:82080306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.223.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217207/; classtype:trojan-activity;sid:82080307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.1.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217205/; classtype:trojan-activity;sid:82080305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217204)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.197.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217204/; classtype:trojan-activity;sid:82080304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.167.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217202/; classtype:trojan-activity;sid:82080302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217203)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.2.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217203/; classtype:trojan-activity;sid:82080303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.59.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217201/; classtype:trojan-activity;sid:82080301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.172.176.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217200/; classtype:trojan-activity;sid:82080300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.235.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217198/; classtype:trojan-activity;sid:82080298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.218.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217197/; classtype:trojan-activity;sid:82080297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.123.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217195/; classtype:trojan-activity;sid:82080295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.212.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217196/; classtype:trojan-activity;sid:82080296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.123.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217194/; classtype:trojan-activity;sid:82080294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.42.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217193/; classtype:trojan-activity;sid:82080293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.208.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217191/; classtype:trojan-activity;sid:82080291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.231.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217192/; classtype:trojan-activity;sid:82080292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.239.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217190/; classtype:trojan-activity;sid:82080290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.58.63.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217189/; classtype:trojan-activity;sid:82080289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.118.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217188/; classtype:trojan-activity;sid:82080288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.61.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217187/; classtype:trojan-activity;sid:82080287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.94.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217186/; classtype:trojan-activity;sid:82080286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.95.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217185/; classtype:trojan-activity;sid:82080285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.24.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217184/; classtype:trojan-activity;sid:82080284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217183)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.133.1.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217183/; classtype:trojan-activity;sid:82080283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.138.109.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217181/; classtype:trojan-activity;sid:82080281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.245.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217182/; classtype:trojan-activity;sid:82080282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.79.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217180/; classtype:trojan-activity;sid:82080280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.11.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217178/; classtype:trojan-activity;sid:82080278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.85.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217179/; classtype:trojan-activity;sid:82080279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.36.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217176/; classtype:trojan-activity;sid:82080276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.46.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217177/; classtype:trojan-activity;sid:82080277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.86.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217175/; classtype:trojan-activity;sid:82080275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.66.178.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217173/; classtype:trojan-activity;sid:82080273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.21.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217174/; classtype:trojan-activity;sid:82080274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.77.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217172/; classtype:trojan-activity;sid:82080272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.117.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217171/; classtype:trojan-activity;sid:82080271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.103.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217170/; classtype:trojan-activity;sid:82080270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.166.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217169/; classtype:trojan-activity;sid:82080269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.94.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217164/; classtype:trojan-activity;sid:82080264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.108.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217165/; classtype:trojan-activity;sid:82080265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.29.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217166/; classtype:trojan-activity;sid:82080266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.113.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217167/; classtype:trojan-activity;sid:82080267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.198.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217168/; classtype:trojan-activity;sid:82080268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.118.166.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217161/; classtype:trojan-activity;sid:82080261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.214.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217160/; classtype:trojan-activity;sid:82080260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.166.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217158/; classtype:trojan-activity;sid:82080258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.51.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217159/; classtype:trojan-activity;sid:82080259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.238.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217157/; classtype:trojan-activity;sid:82080257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217156)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.172.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217156/; classtype:trojan-activity;sid:82080256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.87.49.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217155/; classtype:trojan-activity;sid:82080255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.201.218.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217154/; classtype:trojan-activity;sid:82080254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.89.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217152/; classtype:trojan-activity;sid:82080252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.7.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217153/; classtype:trojan-activity;sid:82080253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.118.205.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217151/; classtype:trojan-activity;sid:82080251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.51.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217150/; classtype:trojan-activity;sid:82080250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.230.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217149/; classtype:trojan-activity;sid:82080249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.239.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217148/; classtype:trojan-activity;sid:82080248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.67.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217147/; classtype:trojan-activity;sid:82080247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.72.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217146/; classtype:trojan-activity;sid:82080246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.183.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217145/; classtype:trojan-activity;sid:82080245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217144)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/23s"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"101.51.138.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217144/; classtype:trojan-activity;sid:82080244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.218.112.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217142/; classtype:trojan-activity;sid:82080242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.74.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217143/; classtype:trojan-activity;sid:82080243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.114.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217141/; classtype:trojan-activity;sid:82080241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.142.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217140/; classtype:trojan-activity;sid:82080240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.35.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217138/; classtype:trojan-activity;sid:82080238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.148.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217139/; classtype:trojan-activity;sid:82080239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217137)"; flow:established,from_client; content:"GET"; http_method; content:"/favico/bdell.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"vespang.ga"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217137/; classtype:trojan-activity;sid:82080237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.232.100.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217136/; classtype:trojan-activity;sid:82080236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.1.134"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217135/; classtype:trojan-activity;sid:82080235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.148.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217131/; classtype:trojan-activity;sid:82080231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.90.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217132/; classtype:trojan-activity;sid:82080232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.215.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217133/; classtype:trojan-activity;sid:82080233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.19.249.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217134/; classtype:trojan-activity;sid:82080234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.43.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217130/; classtype:trojan-activity;sid:82080230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.80.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217129/; classtype:trojan-activity;sid:82080229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.115.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217128/; classtype:trojan-activity;sid:82080228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.77.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217127/; classtype:trojan-activity;sid:82080227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.202.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217126/; classtype:trojan-activity;sid:82080226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217122)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.133.1.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217122/; classtype:trojan-activity;sid:82080222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217123)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.133.1.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217123/; classtype:trojan-activity;sid:82080223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217124)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.133.1.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217124/; classtype:trojan-activity;sid:82080224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217125)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.133.1.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217125/; classtype:trojan-activity;sid:82080225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217120)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.133.1.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217120/; classtype:trojan-activity;sid:82080220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217121)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.133.1.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217121/; classtype:trojan-activity;sid:82080221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217119)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.133.1.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217119/; classtype:trojan-activity;sid:82080219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217118)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.133.1.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217118/; classtype:trojan-activity;sid:82080218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.76.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217115/; classtype:trojan-activity;sid:82080215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.37.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217117/; classtype:trojan-activity;sid:82080217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.147.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217114/; classtype:trojan-activity;sid:82080214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.127.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217112/; classtype:trojan-activity;sid:82080212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.123.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217113/; classtype:trojan-activity;sid:82080213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.166.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217111/; classtype:trojan-activity;sid:82080211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.155.112.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217110/; classtype:trojan-activity;sid:82080210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.166.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217109/; classtype:trojan-activity;sid:82080209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.211.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217106/; classtype:trojan-activity;sid:82080206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.83.115.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217107/; classtype:trojan-activity;sid:82080207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.41.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217101/; classtype:trojan-activity;sid:82080201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.84.216.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217099/; classtype:trojan-activity;sid:82080199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.209.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217100/; classtype:trojan-activity;sid:82080200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.135.158.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217097/; classtype:trojan-activity;sid:82080197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.17.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217096/; classtype:trojan-activity;sid:82080196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.166.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217095/; classtype:trojan-activity;sid:82080195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.67.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217094/; classtype:trojan-activity;sid:82080194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.74.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217093/; classtype:trojan-activity;sid:82080193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.67.205.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217091/; classtype:trojan-activity;sid:82080191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.10.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217089/; classtype:trojan-activity;sid:82080189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.26.133"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217090/; classtype:trojan-activity;sid:82080190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.147.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217088/; classtype:trojan-activity;sid:82080188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.77.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217087/; classtype:trojan-activity;sid:82080187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.22.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217086/; classtype:trojan-activity;sid:82080186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.29.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217084/; classtype:trojan-activity;sid:82080184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.27.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217085/; classtype:trojan-activity;sid:82080185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.79.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217083/; classtype:trojan-activity;sid:82080183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.59.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217082/; classtype:trojan-activity;sid:82080182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.76.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217081/; classtype:trojan-activity;sid:82080181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.83.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217080/; classtype:trojan-activity;sid:82080180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.26.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217078/; classtype:trojan-activity;sid:82080178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217079)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.96.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217079/; classtype:trojan-activity;sid:82080179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.115.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217077/; classtype:trojan-activity;sid:82080177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.37.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217076/; classtype:trojan-activity;sid:82080176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.113.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217073/; classtype:trojan-activity;sid:82080173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.240.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217074/; classtype:trojan-activity;sid:82080174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217075)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.124.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217075/; classtype:trojan-activity;sid:82080175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.202.112.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217072/; classtype:trojan-activity;sid:82080172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.174.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217070/; classtype:trojan-activity;sid:82080170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.81.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217071/; classtype:trojan-activity;sid:82080171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.196.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217068/; classtype:trojan-activity;sid:82080168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.14.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217067/; classtype:trojan-activity;sid:82080167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.172.89.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217066/; classtype:trojan-activity;sid:82080166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.12.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217064/; classtype:trojan-activity;sid:82080164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.210.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217063/; classtype:trojan-activity;sid:82080163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.183.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217062/; classtype:trojan-activity;sid:82080162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.218.112.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217061/; classtype:trojan-activity;sid:82080161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.96.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217060/; classtype:trojan-activity;sid:82080160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.89.54.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217059/; classtype:trojan-activity;sid:82080159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.47.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217057/; classtype:trojan-activity;sid:82080157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.45.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217056/; classtype:trojan-activity;sid:82080156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.7.49"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217054/; classtype:trojan-activity;sid:82080154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.144.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217055/; classtype:trojan-activity;sid:82080155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.152.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217052/; classtype:trojan-activity;sid:82080152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.171.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217051/; classtype:trojan-activity;sid:82080151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.119.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217050/; classtype:trojan-activity;sid:82080150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.42.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217049/; classtype:trojan-activity;sid:82080149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.40.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217048/; classtype:trojan-activity;sid:82080148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.75.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217047/; classtype:trojan-activity;sid:82080147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.44.209"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217045/; classtype:trojan-activity;sid:82080145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.115.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217046/; classtype:trojan-activity;sid:82080146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.242.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217044/; classtype:trojan-activity;sid:82080144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.209.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217043/; classtype:trojan-activity;sid:82080143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.188.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217042/; classtype:trojan-activity;sid:82080142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.55.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217041/; classtype:trojan-activity;sid:82080141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.32.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217040/; classtype:trojan-activity;sid:82080140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.103.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217038/; classtype:trojan-activity;sid:82080138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.97.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217039/; classtype:trojan-activity;sid:82080139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.41.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217037/; classtype:trojan-activity;sid:82080137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.53.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217036/; classtype:trojan-activity;sid:82080136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.7.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217035/; classtype:trojan-activity;sid:82080135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.200.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217034/; classtype:trojan-activity;sid:82080134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.225.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217033/; classtype:trojan-activity;sid:82080133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.187.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217032/; classtype:trojan-activity;sid:82080132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.177.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217031/; classtype:trojan-activity;sid:82080131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.161.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217030/; classtype:trojan-activity;sid:82080130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.99.239.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217026/; classtype:trojan-activity;sid:82080126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217027)"; flow:established,from_client; content:"GET"; http_method; content:"/y91/mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.245.69.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217027/; classtype:trojan-activity;sid:82080127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217028)"; flow:established,from_client; content:"GET"; http_method; content:"/y91/x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"157.245.69.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217028/; classtype:trojan-activity;sid:82080128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217029)"; flow:established,from_client; content:"GET"; http_method; content:"/y91/arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.245.69.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217029/; classtype:trojan-activity;sid:82080129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217022)"; flow:established,from_client; content:"GET"; http_method; content:"/y91/ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"157.245.69.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217022/; classtype:trojan-activity;sid:82080122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217023)"; flow:established,from_client; content:"GET"; http_method; content:"/y91/arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"157.245.69.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217023/; classtype:trojan-activity;sid:82080123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217024)"; flow:established,from_client; content:"GET"; http_method; content:"/y91/mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.245.69.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217024/; classtype:trojan-activity;sid:82080124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217025)"; flow:established,from_client; content:"GET"; http_method; content:"/y91/arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.245.69.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217025/; classtype:trojan-activity;sid:82080125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.250.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217021/; classtype:trojan-activity;sid:82080121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.8.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217020/; classtype:trojan-activity;sid:82080120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.208.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217019/; classtype:trojan-activity;sid:82080119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.149.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217018/; classtype:trojan-activity;sid:82080118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.166.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217017/; classtype:trojan-activity;sid:82080117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.83.115.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217016/; classtype:trojan-activity;sid:82080116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.53.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217015/; classtype:trojan-activity;sid:82080115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.202.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217014/; classtype:trojan-activity;sid:82080114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.114.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217013/; classtype:trojan-activity;sid:82080113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.48.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217012/; classtype:trojan-activity;sid:82080112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.17.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217011/; classtype:trojan-activity;sid:82080111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.4.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217010/; classtype:trojan-activity;sid:82080110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.67.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217009/; classtype:trojan-activity;sid:82080109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.74.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217007/; classtype:trojan-activity;sid:82080107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.38.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217008/; classtype:trojan-activity;sid:82080108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.19.249.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217006/; classtype:trojan-activity;sid:82080106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.2.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217005/; classtype:trojan-activity;sid:82080105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.123.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217004/; classtype:trojan-activity;sid:82080104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.235.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217002/; classtype:trojan-activity;sid:82080102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.88.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217003/; classtype:trojan-activity;sid:82080103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.84.43.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217000/; classtype:trojan-activity;sid:82080100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1217001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.86.5.197"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1217001/; classtype:trojan-activity;sid:82080101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.73.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216999/; classtype:trojan-activity;sid:82080099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.150.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216998/; classtype:trojan-activity;sid:82080098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216997)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.63.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216997/; classtype:trojan-activity;sid:82080097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.44.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216996/; classtype:trojan-activity;sid:82080096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.218.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216995/; classtype:trojan-activity;sid:82080095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.122.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216994/; classtype:trojan-activity;sid:82080094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.116.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216992/; classtype:trojan-activity;sid:82080092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.209.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216993/; classtype:trojan-activity;sid:82080093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.187.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216991/; classtype:trojan-activity;sid:82080091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.162.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216990/; classtype:trojan-activity;sid:82080090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.167.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216989/; classtype:trojan-activity;sid:82080089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.215.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216988/; classtype:trojan-activity;sid:82080088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.32.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216986/; classtype:trojan-activity;sid:82080086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.3.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216981/; classtype:trojan-activity;sid:82080081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.52.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216982/; classtype:trojan-activity;sid:82080082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.48.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216983/; classtype:trojan-activity;sid:82080083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.60.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216984/; classtype:trojan-activity;sid:82080084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.225.247.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216985/; classtype:trojan-activity;sid:82080085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.202.232.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216979/; classtype:trojan-activity;sid:82080079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.178.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216980/; classtype:trojan-activity;sid:82080080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.115.134.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216978/; classtype:trojan-activity;sid:82080078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.156.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216977/; classtype:trojan-activity;sid:82080077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.41.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216976/; classtype:trojan-activity;sid:82080076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.209.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216975/; classtype:trojan-activity;sid:82080075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.142.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216974/; classtype:trojan-activity;sid:82080074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.96.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216972/; classtype:trojan-activity;sid:82080072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.89.54.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216971/; classtype:trojan-activity;sid:82080071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.58.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216970/; classtype:trojan-activity;sid:82080070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.78.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216969/; classtype:trojan-activity;sid:82080069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.195.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216967/; classtype:trojan-activity;sid:82080067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.148.232.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216965/; classtype:trojan-activity;sid:82080065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.108.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216966/; classtype:trojan-activity;sid:82080066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.48.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216964/; classtype:trojan-activity;sid:82080064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.143.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216963/; classtype:trojan-activity;sid:82080063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.156.204.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216962/; classtype:trojan-activity;sid:82080062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.20.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216961/; classtype:trojan-activity;sid:82080061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.72.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216959/; classtype:trojan-activity;sid:82080059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.114.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216960/; classtype:trojan-activity;sid:82080060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.46.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216957/; classtype:trojan-activity;sid:82080057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.202.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216956/; classtype:trojan-activity;sid:82080056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.249.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216955/; classtype:trojan-activity;sid:82080055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.100.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216954/; classtype:trojan-activity;sid:82080054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.151.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216951/; classtype:trojan-activity;sid:82080051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.216.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216952/; classtype:trojan-activity;sid:82080052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.219.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216949/; classtype:trojan-activity;sid:82080049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.68.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216950/; classtype:trojan-activity;sid:82080050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.66.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216948/; classtype:trojan-activity;sid:82080048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.48.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216946/; classtype:trojan-activity;sid:82080046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.195.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216947/; classtype:trojan-activity;sid:82080047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.164.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216944/; classtype:trojan-activity;sid:82080044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.8.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216945/; classtype:trojan-activity;sid:82080045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.68.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216943/; classtype:trojan-activity;sid:82080043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.166.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216942/; classtype:trojan-activity;sid:82080042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.97.142.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216941/; classtype:trojan-activity;sid:82080041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.149.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216940/; classtype:trojan-activity;sid:82080040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.237.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216939/; classtype:trojan-activity;sid:82080039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.139.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216938/; classtype:trojan-activity;sid:82080038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.30.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216937/; classtype:trojan-activity;sid:82080037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.244.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216936/; classtype:trojan-activity;sid:82080036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.188.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216935/; classtype:trojan-activity;sid:82080035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.178.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216934/; classtype:trojan-activity;sid:82080034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.119.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216933/; classtype:trojan-activity;sid:82080033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.116.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216932/; classtype:trojan-activity;sid:82080032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.4.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216931/; classtype:trojan-activity;sid:82080031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.141.138.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216923/; classtype:trojan-activity;sid:82080023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.44.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216922/; classtype:trojan-activity;sid:82080022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.73.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216919/; classtype:trojan-activity;sid:82080019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.172.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216920/; classtype:trojan-activity;sid:82080020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.47.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216921/; classtype:trojan-activity;sid:82080021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.202.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216918/; classtype:trojan-activity;sid:82080018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.17.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216917/; classtype:trojan-activity;sid:82080017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.249.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216916/; classtype:trojan-activity;sid:82080016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216915)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.126.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216915/; classtype:trojan-activity;sid:82080015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.58.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216914/; classtype:trojan-activity;sid:82080014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.178.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216913/; classtype:trojan-activity;sid:82080013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.216.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216912/; classtype:trojan-activity;sid:82080012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.245.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216911/; classtype:trojan-activity;sid:82080011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.79.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216909/; classtype:trojan-activity;sid:82080009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.122.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216910/; classtype:trojan-activity;sid:82080010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.217.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216908/; classtype:trojan-activity;sid:82080008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.11.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216907/; classtype:trojan-activity;sid:82080007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.123.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216906/; classtype:trojan-activity;sid:82080006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.5.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216905/; classtype:trojan-activity;sid:82080005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.86.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216904/; classtype:trojan-activity;sid:82080004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.86.146.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216903/; classtype:trojan-activity;sid:82080003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.200.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216902/; classtype:trojan-activity;sid:82080002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.202.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216899/; classtype:trojan-activity;sid:82079999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.50.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216900/; classtype:trojan-activity;sid:82080000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.209.126.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216901/; classtype:trojan-activity;sid:82080001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.58.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216897/; classtype:trojan-activity;sid:82079997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.198.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216896/; classtype:trojan-activity;sid:82079996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.135.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216895/; classtype:trojan-activity;sid:82079995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.160.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216893/; classtype:trojan-activity;sid:82079993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.48.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216894/; classtype:trojan-activity;sid:82079994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.32.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216886/; classtype:trojan-activity;sid:82079986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.222.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216885/; classtype:trojan-activity;sid:82079985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.3.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216884/; classtype:trojan-activity;sid:82079984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.28.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216883/; classtype:trojan-activity;sid:82079983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.198.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216882/; classtype:trojan-activity;sid:82079982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.200.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216881/; classtype:trojan-activity;sid:82079981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.195.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216877/; classtype:trojan-activity;sid:82079977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.96.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216878/; classtype:trojan-activity;sid:82079978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.78.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216879/; classtype:trojan-activity;sid:82079979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.69.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216880/; classtype:trojan-activity;sid:82079980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.150.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216875/; classtype:trojan-activity;sid:82079975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.240.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216876/; classtype:trojan-activity;sid:82079976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.224.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216873/; classtype:trojan-activity;sid:82079973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.230.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216872/; classtype:trojan-activity;sid:82079972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.78.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216871/; classtype:trojan-activity;sid:82079971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.41.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216870/; classtype:trojan-activity;sid:82079970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.193.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216868/; classtype:trojan-activity;sid:82079968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.22.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216867/; classtype:trojan-activity;sid:82079967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.10.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216866/; classtype:trojan-activity;sid:82079966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.177.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216865/; classtype:trojan-activity;sid:82079965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.13.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216864/; classtype:trojan-activity;sid:82079964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.77.39.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216863/; classtype:trojan-activity;sid:82079963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.236.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216862/; classtype:trojan-activity;sid:82079962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.80.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216861/; classtype:trojan-activity;sid:82079961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.83.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216859/; classtype:trojan-activity;sid:82079959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.85.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216860/; classtype:trojan-activity;sid:82079960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.47.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216857/; classtype:trojan-activity;sid:82079957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.122.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216858/; classtype:trojan-activity;sid:82079958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.79.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216856/; classtype:trojan-activity;sid:82079956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.115.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216855/; classtype:trojan-activity;sid:82079955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.65.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216854/; classtype:trojan-activity;sid:82079954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.126.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216851/; classtype:trojan-activity;sid:82079951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.119.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216849/; classtype:trojan-activity;sid:82079949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.111.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216850/; classtype:trojan-activity;sid:82079950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.111.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216846/; classtype:trojan-activity;sid:82079946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.50.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216847/; classtype:trojan-activity;sid:82079947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.94.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216848/; classtype:trojan-activity;sid:82079948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.44.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216844/; classtype:trojan-activity;sid:82079944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.122.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216845/; classtype:trojan-activity;sid:82079945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.14.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216843/; classtype:trojan-activity;sid:82079943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.159.25.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216842/; classtype:trojan-activity;sid:82079942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.181.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216841/; classtype:trojan-activity;sid:82079941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216840)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.204.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216840/; classtype:trojan-activity;sid:82079940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216839)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.11.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216839/; classtype:trojan-activity;sid:82079939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.131.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216838/; classtype:trojan-activity;sid:82079938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.172.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216836/; classtype:trojan-activity;sid:82079936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.99.249.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216837/; classtype:trojan-activity;sid:82079937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.207.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216833/; classtype:trojan-activity;sid:82079933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.198.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216834/; classtype:trojan-activity;sid:82079934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.239.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216830/; classtype:trojan-activity;sid:82079930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.66.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216829/; classtype:trojan-activity;sid:82079929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.82.150.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216828/; classtype:trojan-activity;sid:82079928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.130.208.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216827/; classtype:trojan-activity;sid:82079927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216826)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.206.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216826/; classtype:trojan-activity;sid:82079926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216825)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.109.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216825/; classtype:trojan-activity;sid:82079925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.94.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216824/; classtype:trojan-activity;sid:82079924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.212.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216822/; classtype:trojan-activity;sid:82079922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.18.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216821/; classtype:trojan-activity;sid:82079921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.185.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216820/; classtype:trojan-activity;sid:82079920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216819)"; flow:established,from_client; content:"GET"; http_method; content:"/y-e8/img_052_126_097.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.210.20.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216819/; classtype:trojan-activity;sid:82079919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216818)"; flow:established,from_client; content:"GET"; http_method; content:"/y-e8/giwdmzf.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.210.20.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216818/; classtype:trojan-activity;sid:82079918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.224.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216817/; classtype:trojan-activity;sid:82079917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.119.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216816/; classtype:trojan-activity;sid:82079916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.113.78.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216814/; classtype:trojan-activity;sid:82079914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.246.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216815/; classtype:trojan-activity;sid:82079915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.155.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216812/; classtype:trojan-activity;sid:82079912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.154.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216813/; classtype:trojan-activity;sid:82079913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.77.39.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216811/; classtype:trojan-activity;sid:82079911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.23.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216810/; classtype:trojan-activity;sid:82079910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.56.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216807/; classtype:trojan-activity;sid:82079907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.83.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216808/; classtype:trojan-activity;sid:82079908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.65.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216809/; classtype:trojan-activity;sid:82079909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.102.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216806/; classtype:trojan-activity;sid:82079906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.135.97.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216804/; classtype:trojan-activity;sid:82079904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.95.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216805/; classtype:trojan-activity;sid:82079905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.78.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216803/; classtype:trojan-activity;sid:82079903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.254.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216802/; classtype:trojan-activity;sid:82079902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216801)"; flow:established,from_client; content:"GET"; http_method; content:"/reboot/win.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.218.113.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216801/; classtype:trojan-activity;sid:82079901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.67.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216800/; classtype:trojan-activity;sid:82079900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.59.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216799/; classtype:trojan-activity;sid:82079899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.89.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216795/; classtype:trojan-activity;sid:82079895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.163.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216796/; classtype:trojan-activity;sid:82079896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216797)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.87.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216797/; classtype:trojan-activity;sid:82079897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.239.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216798/; classtype:trojan-activity;sid:82079898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.211.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216793/; classtype:trojan-activity;sid:82079893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.127.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216794/; classtype:trojan-activity;sid:82079894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.10.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216791/; classtype:trojan-activity;sid:82079891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.195.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216792/; classtype:trojan-activity;sid:82079892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.67.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216788/; classtype:trojan-activity;sid:82079888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.33.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216789/; classtype:trojan-activity;sid:82079889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.210.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216790/; classtype:trojan-activity;sid:82079890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.176.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216783/; classtype:trojan-activity;sid:82079883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.164.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216784/; classtype:trojan-activity;sid:82079884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.70.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216785/; classtype:trojan-activity;sid:82079885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.199.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216781/; classtype:trojan-activity;sid:82079881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.154.64.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216780/; classtype:trojan-activity;sid:82079880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.36.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216779/; classtype:trojan-activity;sid:82079879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.79.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216774/; classtype:trojan-activity;sid:82079874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.83.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216769/; classtype:trojan-activity;sid:82079869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.187.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216766/; classtype:trojan-activity;sid:82079866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.12.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216767/; classtype:trojan-activity;sid:82079867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.92.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216768/; classtype:trojan-activity;sid:82079868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.74.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216764/; classtype:trojan-activity;sid:82079864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.47.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216765/; classtype:trojan-activity;sid:82079865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.87.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216763/; classtype:trojan-activity;sid:82079863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.144.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216762/; classtype:trojan-activity;sid:82079862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.66.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216761/; classtype:trojan-activity;sid:82079861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.214.130.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216760/; classtype:trojan-activity;sid:82079860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.125.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216759/; classtype:trojan-activity;sid:82079859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.24.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216756/; classtype:trojan-activity;sid:82079856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.76.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216755/; classtype:trojan-activity;sid:82079855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.68.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216754/; classtype:trojan-activity;sid:82079854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.90.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216752/; classtype:trojan-activity;sid:82079852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.117.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216750/; classtype:trojan-activity;sid:82079850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.120.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216748/; classtype:trojan-activity;sid:82079848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.108.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216749/; classtype:trojan-activity;sid:82079849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.27.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216747/; classtype:trojan-activity;sid:82079847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.12.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216746/; classtype:trojan-activity;sid:82079846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.138.109.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216745/; classtype:trojan-activity;sid:82079845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.12.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216741/; classtype:trojan-activity;sid:82079841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.64.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216740/; classtype:trojan-activity;sid:82079840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.44.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216738/; classtype:trojan-activity;sid:82079838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.210.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216737/; classtype:trojan-activity;sid:82079837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.239.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216736/; classtype:trojan-activity;sid:82079836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.148.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216735/; classtype:trojan-activity;sid:82079835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.35.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216733/; classtype:trojan-activity;sid:82079833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.208.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216732/; classtype:trojan-activity;sid:82079832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.84.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216731/; classtype:trojan-activity;sid:82079831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.92.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216730/; classtype:trojan-activity;sid:82079830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.212.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216729/; classtype:trojan-activity;sid:82079829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.152.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216725/; classtype:trojan-activity;sid:82079825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.91.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216727/; classtype:trojan-activity;sid:82079827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.7.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216724/; classtype:trojan-activity;sid:82079824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.140.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216723/; classtype:trojan-activity;sid:82079823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.132.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216720/; classtype:trojan-activity;sid:82079820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.33.235.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216721/; classtype:trojan-activity;sid:82079821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.147.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216718/; classtype:trojan-activity;sid:82079818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.79.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216719/; classtype:trojan-activity;sid:82079819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.209.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216716/; classtype:trojan-activity;sid:82079816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.193.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216715/; classtype:trojan-activity;sid:82079815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.4.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216713/; classtype:trojan-activity;sid:82079813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.27.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216712/; classtype:trojan-activity;sid:82079812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.125.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216711/; classtype:trojan-activity;sid:82079811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.113.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216709/; classtype:trojan-activity;sid:82079809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.37.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216708/; classtype:trojan-activity;sid:82079808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.91.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216707/; classtype:trojan-activity;sid:82079807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.36.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216706/; classtype:trojan-activity;sid:82079806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.48.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216705/; classtype:trojan-activity;sid:82079805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.61.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216703/; classtype:trojan-activity;sid:82079803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.231.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216702/; classtype:trojan-activity;sid:82079802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.242.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216701/; classtype:trojan-activity;sid:82079801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.205.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216700/; classtype:trojan-activity;sid:82079800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.38.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216698/; classtype:trojan-activity;sid:82079798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.109.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216697/; classtype:trojan-activity;sid:82079797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.62.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216696/; classtype:trojan-activity;sid:82079796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.2.178.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216694/; classtype:trojan-activity;sid:82079794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.139.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216693/; classtype:trojan-activity;sid:82079793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.211.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216691/; classtype:trojan-activity;sid:82079791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.59.129.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216692/; classtype:trojan-activity;sid:82079792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.20.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216690/; classtype:trojan-activity;sid:82079790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.59.50.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216689/; classtype:trojan-activity;sid:82079789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.127.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216687/; classtype:trojan-activity;sid:82079787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.89.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216688/; classtype:trojan-activity;sid:82079788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.166.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216686/; classtype:trojan-activity;sid:82079786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.62.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216685/; classtype:trojan-activity;sid:82079785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.8.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216684/; classtype:trojan-activity;sid:82079784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.202.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216683/; classtype:trojan-activity;sid:82079783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216682)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.22.154.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216682/; classtype:trojan-activity;sid:82079782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.204.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216680/; classtype:trojan-activity;sid:82079780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.73.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216681/; classtype:trojan-activity;sid:82079781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.198.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216679/; classtype:trojan-activity;sid:82079779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.198.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216677/; classtype:trojan-activity;sid:82079777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.174.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216678/; classtype:trojan-activity;sid:82079778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.207.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216676/; classtype:trojan-activity;sid:82079776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.248.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216674/; classtype:trojan-activity;sid:82079774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.234.202.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216673/; classtype:trojan-activity;sid:82079773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.26.85.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216672/; classtype:trojan-activity;sid:82079772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.104.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216671/; classtype:trojan-activity;sid:82079771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.67.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216670/; classtype:trojan-activity;sid:82079770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.7.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216669/; classtype:trojan-activity;sid:82079769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.38.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216668/; classtype:trojan-activity;sid:82079768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216667)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"219.76.146.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216667/; classtype:trojan-activity;sid:82079767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.170.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216665/; classtype:trojan-activity;sid:82079765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.124.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216661/; classtype:trojan-activity;sid:82079761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.213.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216660/; classtype:trojan-activity;sid:82079760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216657/; classtype:trojan-activity;sid:82079757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.114.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216658/; classtype:trojan-activity;sid:82079758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.80.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216659/; classtype:trojan-activity;sid:82079759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.172.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216655/; classtype:trojan-activity;sid:82079755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.208.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216654/; classtype:trojan-activity;sid:82079754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.29.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216652/; classtype:trojan-activity;sid:82079752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.238.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216651/; classtype:trojan-activity;sid:82079751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.91.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216650/; classtype:trojan-activity;sid:82079750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.214.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216649/; classtype:trojan-activity;sid:82079749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.50.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216648/; classtype:trojan-activity;sid:82079748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.53.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216645/; classtype:trojan-activity;sid:82079745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.237.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216642/; classtype:trojan-activity;sid:82079742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.57.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216643/; classtype:trojan-activity;sid:82079743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.38.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216644/; classtype:trojan-activity;sid:82079744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.198.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216641/; classtype:trojan-activity;sid:82079741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.247.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216640/; classtype:trojan-activity;sid:82079740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.201.218.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216639/; classtype:trojan-activity;sid:82079739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.97.143.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216637/; classtype:trojan-activity;sid:82079737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.52.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216638/; classtype:trojan-activity;sid:82079738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.254.251.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216636/; classtype:trojan-activity;sid:82079736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216635)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.105.192.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216635/; classtype:trojan-activity;sid:82079735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.8.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216634/; classtype:trojan-activity;sid:82079734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.109.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216633/; classtype:trojan-activity;sid:82079733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.43.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216632/; classtype:trojan-activity;sid:82079732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.225.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216631/; classtype:trojan-activity;sid:82079731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.9.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216629/; classtype:trojan-activity;sid:82079729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.140.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216623/; classtype:trojan-activity;sid:82079723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.175.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216625/; classtype:trojan-activity;sid:82079725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.150.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216626/; classtype:trojan-activity;sid:82079726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.183.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216627/; classtype:trojan-activity;sid:82079727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.14.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216628/; classtype:trojan-activity;sid:82079728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.209.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216622/; classtype:trojan-activity;sid:82079722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.132.168.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216621/; classtype:trojan-activity;sid:82079721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.219.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216618/; classtype:trojan-activity;sid:82079718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.231.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216619/; classtype:trojan-activity;sid:82079719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.37.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216616/; classtype:trojan-activity;sid:82079716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.79.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216617/; classtype:trojan-activity;sid:82079717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.223.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216615/; classtype:trojan-activity;sid:82079715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.103.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216614/; classtype:trojan-activity;sid:82079714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.98.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216613/; classtype:trojan-activity;sid:82079713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.70.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216612/; classtype:trojan-activity;sid:82079712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.17.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216611/; classtype:trojan-activity;sid:82079711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.123.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216609/; classtype:trojan-activity;sid:82079709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.106.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216608/; classtype:trojan-activity;sid:82079708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.167.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216606/; classtype:trojan-activity;sid:82079706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.162.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216607/; classtype:trojan-activity;sid:82079707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.150.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216605/; classtype:trojan-activity;sid:82079705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.68.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216604/; classtype:trojan-activity;sid:82079704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.13.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216603/; classtype:trojan-activity;sid:82079703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.248.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216602/; classtype:trojan-activity;sid:82079702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.87.32.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216599/; classtype:trojan-activity;sid:82079699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.185.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216600/; classtype:trojan-activity;sid:82079700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.164.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216598/; classtype:trojan-activity;sid:82079698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.36.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216597/; classtype:trojan-activity;sid:82079697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.211.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216596/; classtype:trojan-activity;sid:82079696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.87.157.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216595/; classtype:trojan-activity;sid:82079695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.68.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216594/; classtype:trojan-activity;sid:82079694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.67.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216593/; classtype:trojan-activity;sid:82079693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.44.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216592/; classtype:trojan-activity;sid:82079692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.86.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216591/; classtype:trojan-activity;sid:82079691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.178.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216589/; classtype:trojan-activity;sid:82079689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.114.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216590/; classtype:trojan-activity;sid:82079690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.182.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216587/; classtype:trojan-activity;sid:82079687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.100.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216586/; classtype:trojan-activity;sid:82079686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.156.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216585/; classtype:trojan-activity;sid:82079685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.250.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216582/; classtype:trojan-activity;sid:82079682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.142.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216583/; classtype:trojan-activity;sid:82079683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.119.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216580/; classtype:trojan-activity;sid:82079680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.148.56.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216579/; classtype:trojan-activity;sid:82079679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.73.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216578/; classtype:trojan-activity;sid:82079678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.50.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216577/; classtype:trojan-activity;sid:82079677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.58.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216574/; classtype:trojan-activity;sid:82079674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.29.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216575/; classtype:trojan-activity;sid:82079675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.65.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216576/; classtype:trojan-activity;sid:82079676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.76.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216573/; classtype:trojan-activity;sid:82079673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.32.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216572/; classtype:trojan-activity;sid:82079672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.107.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216568/; classtype:trojan-activity;sid:82079668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.114.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216569/; classtype:trojan-activity;sid:82079669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216570)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.95.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216570/; classtype:trojan-activity;sid:82079670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216566)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.219.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216566/; classtype:trojan-activity;sid:82079666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.8.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216567/; classtype:trojan-activity;sid:82079667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.13.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216562/; classtype:trojan-activity;sid:82079662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.56.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216563/; classtype:trojan-activity;sid:82079663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.12.57.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216559/; classtype:trojan-activity;sid:82079659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.251.11.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216558/; classtype:trojan-activity;sid:82079658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216557)"; flow:established,from_client; content:"GET"; http_method; content:"/y-e8/olqmvkwk.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.210.20.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216557/; classtype:trojan-activity;sid:82079657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.88.193.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216554/; classtype:trojan-activity;sid:82079654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.223.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216555/; classtype:trojan-activity;sid:82079655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.74.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216553/; classtype:trojan-activity;sid:82079653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.108.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216551/; classtype:trojan-activity;sid:82079651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216548)"; flow:established,from_client; content:"GET"; http_method; content:"/discovery/lik/alxxgkcquwqukab.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"vespang.ga"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216548/; classtype:trojan-activity;sid:82079648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.194.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216547/; classtype:trojan-activity;sid:82079647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.22.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216546/; classtype:trojan-activity;sid:82079646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.132.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216545/; classtype:trojan-activity;sid:82079645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.132.213.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216544/; classtype:trojan-activity;sid:82079644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.218.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216542/; classtype:trojan-activity;sid:82079642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.158.55.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216541/; classtype:trojan-activity;sid:82079641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.138.8.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216540/; classtype:trojan-activity;sid:82079640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.98.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216538/; classtype:trojan-activity;sid:82079638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.199.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216539/; classtype:trojan-activity;sid:82079639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216537/; classtype:trojan-activity;sid:82079637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.124.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216536/; classtype:trojan-activity;sid:82079636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.232.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216533/; classtype:trojan-activity;sid:82079633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.98.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216534/; classtype:trojan-activity;sid:82079634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.209.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216535/; classtype:trojan-activity;sid:82079635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.127.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216532/; classtype:trojan-activity;sid:82079632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.161.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216531/; classtype:trojan-activity;sid:82079631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.18.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216529/; classtype:trojan-activity;sid:82079629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.68.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216528/; classtype:trojan-activity;sid:82079628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.237.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216527/; classtype:trojan-activity;sid:82079627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.161.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216524/; classtype:trojan-activity;sid:82079624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.104.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216523/; classtype:trojan-activity;sid:82079623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.188.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216521/; classtype:trojan-activity;sid:82079621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.170.85.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216522/; classtype:trojan-activity;sid:82079622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.12.57.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216520/; classtype:trojan-activity;sid:82079620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.103.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216519/; classtype:trojan-activity;sid:82079619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.50.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216518/; classtype:trojan-activity;sid:82079618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.117.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216517/; classtype:trojan-activity;sid:82079617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.51.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216516/; classtype:trojan-activity;sid:82079616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.44.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216515/; classtype:trojan-activity;sid:82079615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.169.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216511/; classtype:trojan-activity;sid:82079611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.37.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216512/; classtype:trojan-activity;sid:82079612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.81.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216513/; classtype:trojan-activity;sid:82079613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.209.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216508/; classtype:trojan-activity;sid:82079608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216506)"; flow:established,from_client; content:"GET"; http_method; content:"/xplt/gde.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"alshamaleh-ye.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216506/; classtype:trojan-activity;sid:82079606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.112.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216504/; classtype:trojan-activity;sid:82079604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.151.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216505/; classtype:trojan-activity;sid:82079605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.71.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216503/; classtype:trojan-activity;sid:82079603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.29.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216501/; classtype:trojan-activity;sid:82079601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.9.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216502/; classtype:trojan-activity;sid:82079602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.113.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216498/; classtype:trojan-activity;sid:82079598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.93.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216499/; classtype:trojan-activity;sid:82079599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.32.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216500/; classtype:trojan-activity;sid:82079600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.67.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216497/; classtype:trojan-activity;sid:82079597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.34.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216495/; classtype:trojan-activity;sid:82079595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.8.104.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216493/; classtype:trojan-activity;sid:82079593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.19.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216494/; classtype:trojan-activity;sid:82079594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.233.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216491/; classtype:trojan-activity;sid:82079591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.65.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216490/; classtype:trojan-activity;sid:82079590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.69.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216488/; classtype:trojan-activity;sid:82079588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216485)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.202.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216485/; classtype:trojan-activity;sid:82079585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.13.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216480/; classtype:trojan-activity;sid:82079580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.100.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216477/; classtype:trojan-activity;sid:82079577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.93.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216476/; classtype:trojan-activity;sid:82079576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.137.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216474/; classtype:trojan-activity;sid:82079574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.93.188.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216471/; classtype:trojan-activity;sid:82079571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.138.8.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216470/; classtype:trojan-activity;sid:82079570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.65.172.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216468/; classtype:trojan-activity;sid:82079568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.157.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216467/; classtype:trojan-activity;sid:82079567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.143.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216464/; classtype:trojan-activity;sid:82079564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.153.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216462/; classtype:trojan-activity;sid:82079562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.180.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216463/; classtype:trojan-activity;sid:82079563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.42.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216460/; classtype:trojan-activity;sid:82079560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.75.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216459/; classtype:trojan-activity;sid:82079559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.193.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216455/; classtype:trojan-activity;sid:82079555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.114.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216456/; classtype:trojan-activity;sid:82079556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.190.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216457/; classtype:trojan-activity;sid:82079557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.80.156.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216451/; classtype:trojan-activity;sid:82079551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.198.128.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216452/; classtype:trojan-activity;sid:82079552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.134.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216453/; classtype:trojan-activity;sid:82079553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.177.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216454/; classtype:trojan-activity;sid:82079554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.194.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216449/; classtype:trojan-activity;sid:82079549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.96.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216450/; classtype:trojan-activity;sid:82079550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.185.249.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216446/; classtype:trojan-activity;sid:82079546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.99.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216445/; classtype:trojan-activity;sid:82079545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216443)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.205.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216443/; classtype:trojan-activity;sid:82079543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216442)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.22.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216442/; classtype:trojan-activity;sid:82079542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216438)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.178.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216438/; classtype:trojan-activity;sid:82079538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.62.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216437/; classtype:trojan-activity;sid:82079537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216436)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.59.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216436/; classtype:trojan-activity;sid:82079536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.103.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216434/; classtype:trojan-activity;sid:82079534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.227.174.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216433/; classtype:trojan-activity;sid:82079533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.6.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216431/; classtype:trojan-activity;sid:82079531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.102.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216432/; classtype:trojan-activity;sid:82079532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.110.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216430/; classtype:trojan-activity;sid:82079530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216429)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.110.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216429/; classtype:trojan-activity;sid:82079529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.163.31.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216428/; classtype:trojan-activity;sid:82079528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.74.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216427/; classtype:trojan-activity;sid:82079527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.93.188.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216425/; classtype:trojan-activity;sid:82079525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.44.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216424/; classtype:trojan-activity;sid:82079524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.79.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216422/; classtype:trojan-activity;sid:82079522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.86.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216420/; classtype:trojan-activity;sid:82079520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.36.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216421/; classtype:trojan-activity;sid:82079521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.79.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216418/; classtype:trojan-activity;sid:82079518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.165.205.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216415/; classtype:trojan-activity;sid:82079515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.78.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216414/; classtype:trojan-activity;sid:82079514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.146.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216413/; classtype:trojan-activity;sid:82079513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216411)"; flow:established,from_client; content:"GET"; http_method; content:"/gunns/jojo/axd70r2umtc1a0x.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"vespang.ga"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216411/; classtype:trojan-activity;sid:82079511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216412)"; flow:established,from_client; content:"GET"; http_method; content:"/gunns/dj/hxyndk2uqpv8rvj.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"vespang.ga"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216412/; classtype:trojan-activity;sid:82079512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.71.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216409/; classtype:trojan-activity;sid:82079509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.2.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216407/; classtype:trojan-activity;sid:82079507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.66.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216408/; classtype:trojan-activity;sid:82079508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.18.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216406/; classtype:trojan-activity;sid:82079506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.18.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216405/; classtype:trojan-activity;sid:82079505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.213.3.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216403/; classtype:trojan-activity;sid:82079503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.23.195.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216404/; classtype:trojan-activity;sid:82079504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.165.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216401/; classtype:trojan-activity;sid:82079501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.246.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216402/; classtype:trojan-activity;sid:82079502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.44.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216398/; classtype:trojan-activity;sid:82079498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.30.199.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216400/; classtype:trojan-activity;sid:82079500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216395)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.197.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216395/; classtype:trojan-activity;sid:82079495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.66.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216387/; classtype:trojan-activity;sid:82079487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.185.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216389/; classtype:trojan-activity;sid:82079489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.129.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216386/; classtype:trojan-activity;sid:82079486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.100.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216383/; classtype:trojan-activity;sid:82079483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216384)"; flow:established,from_client; content:"GET"; http_method; content:"/aggiornamento.apk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"aggiornappmobile.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216384/; classtype:trojan-activity;sid:82079484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.22.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216381/; classtype:trojan-activity;sid:82079481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216380)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.146.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216380/; classtype:trojan-activity;sid:82079480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.94.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216375/; classtype:trojan-activity;sid:82079475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.79.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216376/; classtype:trojan-activity;sid:82079476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.66.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216377/; classtype:trojan-activity;sid:82079477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.76.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216378/; classtype:trojan-activity;sid:82079478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.245.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216379/; classtype:trojan-activity;sid:82079479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.65.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216373/; classtype:trojan-activity;sid:82079473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216371)"; flow:established,from_client; content:"GET"; http_method; content:"/gunns/fada/j5nrnkhh75uhr2l.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"vespang.ga"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216371/; classtype:trojan-activity;sid:82079471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216372)"; flow:established,from_client; content:"GET"; http_method; content:"/xplt/cosmos.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"alshamaleh-ye.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216372/; classtype:trojan-activity;sid:82079472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.208.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216370/; classtype:trojan-activity;sid:82079470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.109.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216369/; classtype:trojan-activity;sid:82079469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.83.115.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216368/; classtype:trojan-activity;sid:82079468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.228.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216367/; classtype:trojan-activity;sid:82079467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.185.249.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216362/; classtype:trojan-activity;sid:82079462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.113.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216358/; classtype:trojan-activity;sid:82079458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.103.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216359/; classtype:trojan-activity;sid:82079459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.58.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216355/; classtype:trojan-activity;sid:82079455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216356)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.87.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216356/; classtype:trojan-activity;sid:82079456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216354)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.172.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216354/; classtype:trojan-activity;sid:82079454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.232.39.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216353/; classtype:trojan-activity;sid:82079453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.1.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216352/; classtype:trojan-activity;sid:82079452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.62.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216351/; classtype:trojan-activity;sid:82079451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.48.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216350/; classtype:trojan-activity;sid:82079450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.96.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216347/; classtype:trojan-activity;sid:82079447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.26.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216348/; classtype:trojan-activity;sid:82079448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216349)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216349/; classtype:trojan-activity;sid:82079449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.221.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216345/; classtype:trojan-activity;sid:82079445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.232.237.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216346/; classtype:trojan-activity;sid:82079446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.16.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216344/; classtype:trojan-activity;sid:82079444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.197.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216343/; classtype:trojan-activity;sid:82079443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.233.196.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216341/; classtype:trojan-activity;sid:82079441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.113.180.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216339/; classtype:trojan-activity;sid:82079439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.213.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216338/; classtype:trojan-activity;sid:82079438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.149.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216336/; classtype:trojan-activity;sid:82079436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.87.200.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216337/; classtype:trojan-activity;sid:82079437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.167.3.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216335/; classtype:trojan-activity;sid:82079435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.25.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216334/; classtype:trojan-activity;sid:82079434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.173.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216333/; classtype:trojan-activity;sid:82079433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.17.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216332/; classtype:trojan-activity;sid:82079432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.109.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216331/; classtype:trojan-activity;sid:82079431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.65.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216330/; classtype:trojan-activity;sid:82079430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.60.112.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216329/; classtype:trojan-activity;sid:82079429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.61.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216327/; classtype:trojan-activity;sid:82079427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.82.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216328/; classtype:trojan-activity;sid:82079428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.62.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216326/; classtype:trojan-activity;sid:82079426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.146.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216325/; classtype:trojan-activity;sid:82079425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.126.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216324/; classtype:trojan-activity;sid:82079424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.74.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216322/; classtype:trojan-activity;sid:82079422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.50.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216321/; classtype:trojan-activity;sid:82079421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.202.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216319/; classtype:trojan-activity;sid:82079419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.228.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216317/; classtype:trojan-activity;sid:82079417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.34.87.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216318/; classtype:trojan-activity;sid:82079418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.53.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216316/; classtype:trojan-activity;sid:82079416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.122.105.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216314/; classtype:trojan-activity;sid:82079414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.59.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216315/; classtype:trojan-activity;sid:82079415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.73.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216311/; classtype:trojan-activity;sid:82079411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.75.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216310/; classtype:trojan-activity;sid:82079410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.97.69.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216309/; classtype:trojan-activity;sid:82079409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.186.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216307/; classtype:trojan-activity;sid:82079407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.64.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216304/; classtype:trojan-activity;sid:82079404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.175.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216302/; classtype:trojan-activity;sid:82079402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.186.164.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216301/; classtype:trojan-activity;sid:82079401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.186.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216300/; classtype:trojan-activity;sid:82079400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.87.202.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216297/; classtype:trojan-activity;sid:82079397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.133.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216298/; classtype:trojan-activity;sid:82079398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.164.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216299/; classtype:trojan-activity;sid:82079399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.156.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216296/; classtype:trojan-activity;sid:82079396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.118.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216294/; classtype:trojan-activity;sid:82079394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.43.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216295/; classtype:trojan-activity;sid:82079395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.69.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216293/; classtype:trojan-activity;sid:82079393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.117.152.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216292/; classtype:trojan-activity;sid:82079392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.198.48.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216291/; classtype:trojan-activity;sid:82079391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.70.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216290/; classtype:trojan-activity;sid:82079390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.110.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216287/; classtype:trojan-activity;sid:82079387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.145.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216285/; classtype:trojan-activity;sid:82079385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.153.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216286/; classtype:trojan-activity;sid:82079386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.183.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216283/; classtype:trojan-activity;sid:82079383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.232.39.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216282/; classtype:trojan-activity;sid:82079382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.155.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216281/; classtype:trojan-activity;sid:82079381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.87.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216278/; classtype:trojan-activity;sid:82079378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.44.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216279/; classtype:trojan-activity;sid:82079379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.148.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216277/; classtype:trojan-activity;sid:82079377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.43.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216275/; classtype:trojan-activity;sid:82079375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.161.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216276/; classtype:trojan-activity;sid:82079376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.182.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216274/; classtype:trojan-activity;sid:82079374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.63.104.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216273/; classtype:trojan-activity;sid:82079373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.221.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216272/; classtype:trojan-activity;sid:82079372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.49.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216271/; classtype:trojan-activity;sid:82079371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216270)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.102.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216270/; classtype:trojan-activity;sid:82079370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.114.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216269/; classtype:trojan-activity;sid:82079369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.233.196.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216267/; classtype:trojan-activity;sid:82079367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.12.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216266/; classtype:trojan-activity;sid:82079366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.152.83.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216264/; classtype:trojan-activity;sid:82079364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.79.114.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216260/; classtype:trojan-activity;sid:82079360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.5.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216259/; classtype:trojan-activity;sid:82079359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.109.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216258/; classtype:trojan-activity;sid:82079358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.59.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216254/; classtype:trojan-activity;sid:82079354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"69.237.103.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216253/; classtype:trojan-activity;sid:82079353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.175.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216249/; classtype:trojan-activity;sid:82079349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.140.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216250/; classtype:trojan-activity;sid:82079350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216247)"; flow:established,from_client; content:"GET"; http_method; content:"/cv/remittance%20e-mail%20layout%20-%2011_.jar"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"almawraqi.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216247/; classtype:trojan-activity;sid:82079347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.64.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216245/; classtype:trojan-activity;sid:82079345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.65.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216244/; classtype:trojan-activity;sid:82079344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.168.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216242/; classtype:trojan-activity;sid:82079342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.73.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216243/; classtype:trojan-activity;sid:82079343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.173.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216240/; classtype:trojan-activity;sid:82079340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216239)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.75.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216239/; classtype:trojan-activity;sid:82079339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216238)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.9.124.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216238/; classtype:trojan-activity;sid:82079338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216237)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.68.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216237/; classtype:trojan-activity;sid:82079337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.69.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216236/; classtype:trojan-activity;sid:82079336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.30.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216235/; classtype:trojan-activity;sid:82079335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.107.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216233/; classtype:trojan-activity;sid:82079333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216231)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.208.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216231/; classtype:trojan-activity;sid:82079331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216232)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.64.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216232/; classtype:trojan-activity;sid:82079332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216228)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.83.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216228/; classtype:trojan-activity;sid:82079328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.80.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216229/; classtype:trojan-activity;sid:82079329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.57.64.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216230/; classtype:trojan-activity;sid:82079330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.27.177.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216226/; classtype:trojan-activity;sid:82079326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.10.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216227/; classtype:trojan-activity;sid:82079327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.83.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216225/; classtype:trojan-activity;sid:82079325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216223)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.167.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216223/; classtype:trojan-activity;sid:82079323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.74.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216222/; classtype:trojan-activity;sid:82079322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.11.228.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216215/; classtype:trojan-activity;sid:82079315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.188.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216216/; classtype:trojan-activity;sid:82079316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.214.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216214/; classtype:trojan-activity;sid:82079314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.237.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216213/; classtype:trojan-activity;sid:82079313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.198.48.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216212/; classtype:trojan-activity;sid:82079312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.17.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216210/; classtype:trojan-activity;sid:82079310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.120.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216211/; classtype:trojan-activity;sid:82079311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.243.6.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216207/; classtype:trojan-activity;sid:82079307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.227.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216206/; classtype:trojan-activity;sid:82079306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.57.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216205/; classtype:trojan-activity;sid:82079305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.110.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216203/; classtype:trojan-activity;sid:82079303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.200.191.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216200/; classtype:trojan-activity;sid:82079300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.80.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216199/; classtype:trojan-activity;sid:82079299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.102.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216198/; classtype:trojan-activity;sid:82079298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216196)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"86.104.194.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216196/; classtype:trojan-activity;sid:82079296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.70.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216197/; classtype:trojan-activity;sid:82079297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.142.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216195/; classtype:trojan-activity;sid:82079295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.42.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216192/; classtype:trojan-activity;sid:82079292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.252.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216191/; classtype:trojan-activity;sid:82079291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.32.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216189/; classtype:trojan-activity;sid:82079289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.160.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216190/; classtype:trojan-activity;sid:82079290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.20.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216187/; classtype:trojan-activity;sid:82079287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216186)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.104.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216186/; classtype:trojan-activity;sid:82079286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.84.42.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216185/; classtype:trojan-activity;sid:82079285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.63.104.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216184/; classtype:trojan-activity;sid:82079284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.3.126.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216181/; classtype:trojan-activity;sid:82079281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.75.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216180/; classtype:trojan-activity;sid:82079280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216178)"; flow:established,from_client; content:"GET"; http_method; content:"/dirdir000/0s1s12.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"193.47.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216178/; classtype:trojan-activity;sid:82079278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.101.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216179/; classtype:trojan-activity;sid:82079279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.200.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216175/; classtype:trojan-activity;sid:82079275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.10.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216176/; classtype:trojan-activity;sid:82079276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.120.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216177/; classtype:trojan-activity;sid:82079277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.57.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216173/; classtype:trojan-activity;sid:82079273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.50.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216174/; classtype:trojan-activity;sid:82079274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.106.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216172/; classtype:trojan-activity;sid:82079272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.165.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216170/; classtype:trojan-activity;sid:82079270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216169)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.96.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216169/; classtype:trojan-activity;sid:82079269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.33.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216167/; classtype:trojan-activity;sid:82079267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.9.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216164/; classtype:trojan-activity;sid:82079264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.163.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216162/; classtype:trojan-activity;sid:82079262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.103.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216159/; classtype:trojan-activity;sid:82079259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.116.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216155/; classtype:trojan-activity;sid:82079255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.172.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216153/; classtype:trojan-activity;sid:82079253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.77.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216150/; classtype:trojan-activity;sid:82079250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.148.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216151/; classtype:trojan-activity;sid:82079251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.88.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216152/; classtype:trojan-activity;sid:82079252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.47.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216149/; classtype:trojan-activity;sid:82079249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.73.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216148/; classtype:trojan-activity;sid:82079248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216147)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.53.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216147/; classtype:trojan-activity;sid:82079247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.97.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216145/; classtype:trojan-activity;sid:82079245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.163.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216143/; classtype:trojan-activity;sid:82079243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.207.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216142/; classtype:trojan-activity;sid:82079242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.57.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216141/; classtype:trojan-activity;sid:82079241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.122.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216139/; classtype:trojan-activity;sid:82079239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.77.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216140/; classtype:trojan-activity;sid:82079240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.18.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216138/; classtype:trojan-activity;sid:82079238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.105.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216137/; classtype:trojan-activity;sid:82079237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.200.191.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216133/; classtype:trojan-activity;sid:82079233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.3.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216134/; classtype:trojan-activity;sid:82079234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.79.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216135/; classtype:trojan-activity;sid:82079235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.73.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216132/; classtype:trojan-activity;sid:82079232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.54.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216130/; classtype:trojan-activity;sid:82079230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.19.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216129/; classtype:trojan-activity;sid:82079229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.165.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216126/; classtype:trojan-activity;sid:82079226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.185.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216125/; classtype:trojan-activity;sid:82079225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.253.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216124/; classtype:trojan-activity;sid:82079224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.126.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216122/; classtype:trojan-activity;sid:82079222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216121)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.11.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216121/; classtype:trojan-activity;sid:82079221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.55.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216119/; classtype:trojan-activity;sid:82079219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.150.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216118/; classtype:trojan-activity;sid:82079218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216115)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"86.104.194.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216115/; classtype:trojan-activity;sid:82079215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216116)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"86.104.194.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216116/; classtype:trojan-activity;sid:82079216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216111)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"86.104.194.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216111/; classtype:trojan-activity;sid:82079211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216112)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"86.104.194.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216112/; classtype:trojan-activity;sid:82079212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216113)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"86.104.194.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216113/; classtype:trojan-activity;sid:82079213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216114)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"86.104.194.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216114/; classtype:trojan-activity;sid:82079214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216109)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"86.104.194.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216109/; classtype:trojan-activity;sid:82079209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216110)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"86.104.194.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216110/; classtype:trojan-activity;sid:82079210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216107)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"86.104.194.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216107/; classtype:trojan-activity;sid:82079207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216108)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"86.104.194.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216108/; classtype:trojan-activity;sid:82079208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.102.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216105/; classtype:trojan-activity;sid:82079205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.75.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216102/; classtype:trojan-activity;sid:82079202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.211.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216099/; classtype:trojan-activity;sid:82079199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.113.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216096/; classtype:trojan-activity;sid:82079196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.78.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216097/; classtype:trojan-activity;sid:82079197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"69.237.103.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216098/; classtype:trojan-activity;sid:82079198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.77.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216094/; classtype:trojan-activity;sid:82079194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.47.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216093/; classtype:trojan-activity;sid:82079193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.53.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216092/; classtype:trojan-activity;sid:82079192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.74.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216091/; classtype:trojan-activity;sid:82079191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.61.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216090/; classtype:trojan-activity;sid:82079190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.66.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216089/; classtype:trojan-activity;sid:82079189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.108.132.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216088/; classtype:trojan-activity;sid:82079188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.226.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216087/; classtype:trojan-activity;sid:82079187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.50.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216086/; classtype:trojan-activity;sid:82079186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.186.34.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216084/; classtype:trojan-activity;sid:82079184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.237.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216082/; classtype:trojan-activity;sid:82079182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.14.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216081/; classtype:trojan-activity;sid:82079181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.128.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216080/; classtype:trojan-activity;sid:82079180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.26.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216079/; classtype:trojan-activity;sid:82079179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.204.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216078/; classtype:trojan-activity;sid:82079178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.179.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216076/; classtype:trojan-activity;sid:82079176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.200.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216077/; classtype:trojan-activity;sid:82079177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.163.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216073/; classtype:trojan-activity;sid:82079173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.87.2.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216075/; classtype:trojan-activity;sid:82079175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.185.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216072/; classtype:trojan-activity;sid:82079172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.88.67.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216069/; classtype:trojan-activity;sid:82079169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"69.237.103.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216068/; classtype:trojan-activity;sid:82079168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.6.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216067/; classtype:trojan-activity;sid:82079167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.196.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216066/; classtype:trojan-activity;sid:82079166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.43.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216065/; classtype:trojan-activity;sid:82079165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.47.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216064/; classtype:trojan-activity;sid:82079164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.162.248.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216063/; classtype:trojan-activity;sid:82079163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.175.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216061/; classtype:trojan-activity;sid:82079161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.80.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216059/; classtype:trojan-activity;sid:82079159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.222.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216056/; classtype:trojan-activity;sid:82079156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.19.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216055/; classtype:trojan-activity;sid:82079155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.15.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216054/; classtype:trojan-activity;sid:82079154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.89.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216053/; classtype:trojan-activity;sid:82079153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.219.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216052/; classtype:trojan-activity;sid:82079152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.29.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216051/; classtype:trojan-activity;sid:82079151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.102.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216050/; classtype:trojan-activity;sid:82079150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.116.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216049/; classtype:trojan-activity;sid:82079149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.67.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216048/; classtype:trojan-activity;sid:82079148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.3.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216047/; classtype:trojan-activity;sid:82079147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.57.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216046/; classtype:trojan-activity;sid:82079146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.217.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216044/; classtype:trojan-activity;sid:82079144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.59.129.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216045/; classtype:trojan-activity;sid:82079145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.68.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216043/; classtype:trojan-activity;sid:82079143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216042)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.228.114.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216042/; classtype:trojan-activity;sid:82079142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.122.107.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216041/; classtype:trojan-activity;sid:82079141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.25.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216040/; classtype:trojan-activity;sid:82079140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.251.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216038/; classtype:trojan-activity;sid:82079138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.173.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216039/; classtype:trojan-activity;sid:82079139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.110.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216037/; classtype:trojan-activity;sid:82079137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.104.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216035/; classtype:trojan-activity;sid:82079135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.154.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216036/; classtype:trojan-activity;sid:82079136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.34.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216033/; classtype:trojan-activity;sid:82079133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.126.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216032/; classtype:trojan-activity;sid:82079132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.0.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216030/; classtype:trojan-activity;sid:82079130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.97.142.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216029/; classtype:trojan-activity;sid:82079129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.251.69.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216028/; classtype:trojan-activity;sid:82079128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.158.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216027/; classtype:trojan-activity;sid:82079127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.26.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216023/; classtype:trojan-activity;sid:82079123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.205.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216022/; classtype:trojan-activity;sid:82079122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.186.34.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216020/; classtype:trojan-activity;sid:82079120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.74.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216016/; classtype:trojan-activity;sid:82079116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.146.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216019/; classtype:trojan-activity;sid:82079119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216014)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.85.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216014/; classtype:trojan-activity;sid:82079114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.87.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216015/; classtype:trojan-activity;sid:82079115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216013)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.82.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216013/; classtype:trojan-activity;sid:82079113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.213.111.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216011/; classtype:trojan-activity;sid:82079111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.185.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216012/; classtype:trojan-activity;sid:82079112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.6.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216009/; classtype:trojan-activity;sid:82079109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.36.208.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216008/; classtype:trojan-activity;sid:82079108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.80.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216007/; classtype:trojan-activity;sid:82079107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.190.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216004/; classtype:trojan-activity;sid:82079104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.234.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216005/; classtype:trojan-activity;sid:82079105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.104.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216002/; classtype:trojan-activity;sid:82079102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.107.44.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216001/; classtype:trojan-activity;sid:82079101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.199.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215999/; classtype:trojan-activity;sid:82079099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1216000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.186.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1216000/; classtype:trojan-activity;sid:82079100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.214.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215998/; classtype:trojan-activity;sid:82079098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.200.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215995/; classtype:trojan-activity;sid:82079095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.161.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215996/; classtype:trojan-activity;sid:82079096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.65.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215992/; classtype:trojan-activity;sid:82079092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.182.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215990/; classtype:trojan-activity;sid:82079090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.207.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215989/; classtype:trojan-activity;sid:82079089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.243.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215986/; classtype:trojan-activity;sid:82079086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.229.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215988/; classtype:trojan-activity;sid:82079088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.62.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215984/; classtype:trojan-activity;sid:82079084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.132.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215981/; classtype:trojan-activity;sid:82079081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.89.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215979/; classtype:trojan-activity;sid:82079079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.6.254.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215978/; classtype:trojan-activity;sid:82079078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.172.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215977/; classtype:trojan-activity;sid:82079077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.75.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215973/; classtype:trojan-activity;sid:82079073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.254.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215970/; classtype:trojan-activity;sid:82079070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.10.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215971/; classtype:trojan-activity;sid:82079071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.10.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215972/; classtype:trojan-activity;sid:82079072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.26.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215969/; classtype:trojan-activity;sid:82079069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.123.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215964/; classtype:trojan-activity;sid:82079064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.245.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215965/; classtype:trojan-activity;sid:82079065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.244.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215967/; classtype:trojan-activity;sid:82079067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.12.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215961/; classtype:trojan-activity;sid:82079061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.52.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215960/; classtype:trojan-activity;sid:82079060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215956/; classtype:trojan-activity;sid:82079056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.25.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215958/; classtype:trojan-activity;sid:82079058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.241.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215954/; classtype:trojan-activity;sid:82079054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.208.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215955/; classtype:trojan-activity;sid:82079055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.239.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215951/; classtype:trojan-activity;sid:82079051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.129.96.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215952/; classtype:trojan-activity;sid:82079052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.165.203.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215950/; classtype:trojan-activity;sid:82079050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.81.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215949/; classtype:trojan-activity;sid:82079049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.18.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215948/; classtype:trojan-activity;sid:82079048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.239.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215946/; classtype:trojan-activity;sid:82079046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.84.218.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215947/; classtype:trojan-activity;sid:82079047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.205.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215945/; classtype:trojan-activity;sid:82079045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.202.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215942/; classtype:trojan-activity;sid:82079042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.202.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215941/; classtype:trojan-activity;sid:82079041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.51.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215939/; classtype:trojan-activity;sid:82079039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.95.31.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215936/; classtype:trojan-activity;sid:82079036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.106.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215934/; classtype:trojan-activity;sid:82079034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.140.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215935/; classtype:trojan-activity;sid:82079035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.84.240.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215933/; classtype:trojan-activity;sid:82079033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.123.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215932/; classtype:trojan-activity;sid:82079032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.205.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215931/; classtype:trojan-activity;sid:82079031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.42.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215927/; classtype:trojan-activity;sid:82079027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.88.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215926/; classtype:trojan-activity;sid:82079026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.40.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215924/; classtype:trojan-activity;sid:82079024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.246.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215925/; classtype:trojan-activity;sid:82079025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.174.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215923/; classtype:trojan-activity;sid:82079023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.25.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215918/; classtype:trojan-activity;sid:82079018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.66.99.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215919/; classtype:trojan-activity;sid:82079019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.76.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215920/; classtype:trojan-activity;sid:82079020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215916)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.86.18.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215916/; classtype:trojan-activity;sid:82079016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215915)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.132.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215915/; classtype:trojan-activity;sid:82079015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.116.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215914/; classtype:trojan-activity;sid:82079014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.122.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215913/; classtype:trojan-activity;sid:82079013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.96.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215912/; classtype:trojan-activity;sid:82079012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.93.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215911/; classtype:trojan-activity;sid:82079011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.87.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215910/; classtype:trojan-activity;sid:82079010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.164.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215908/; classtype:trojan-activity;sid:82079008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.214.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215909/; classtype:trojan-activity;sid:82079009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.102.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215907/; classtype:trojan-activity;sid:82079007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.96.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215904/; classtype:trojan-activity;sid:82079004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.162.5.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215905/; classtype:trojan-activity;sid:82079005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.1.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215903/; classtype:trojan-activity;sid:82079003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.108.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215901/; classtype:trojan-activity;sid:82079001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.6.161.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215900/; classtype:trojan-activity;sid:82079000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.206.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215896/; classtype:trojan-activity;sid:82078996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.158.55.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215895/; classtype:trojan-activity;sid:82078995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.84.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215894/; classtype:trojan-activity;sid:82078994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.118.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215893/; classtype:trojan-activity;sid:82078993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.89.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215892/; classtype:trojan-activity;sid:82078992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.124.227.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215891/; classtype:trojan-activity;sid:82078991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.100.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215890/; classtype:trojan-activity;sid:82078990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215887)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.91.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215887/; classtype:trojan-activity;sid:82078987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.175.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215885/; classtype:trojan-activity;sid:82078985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.153.204.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215883/; classtype:trojan-activity;sid:82078983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.224.169.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215882/; classtype:trojan-activity;sid:82078982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.7.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215878/; classtype:trojan-activity;sid:82078978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.74.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215875/; classtype:trojan-activity;sid:82078975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.10.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215874/; classtype:trojan-activity;sid:82078974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.106.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215873/; classtype:trojan-activity;sid:82078973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.3.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215872/; classtype:trojan-activity;sid:82078972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.3.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215870/; classtype:trojan-activity;sid:82078970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.108.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215869/; classtype:trojan-activity;sid:82078969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.122.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215867/; classtype:trojan-activity;sid:82078967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.7.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215868/; classtype:trojan-activity;sid:82078968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.186.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215862/; classtype:trojan-activity;sid:82078962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.71.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215866/; classtype:trojan-activity;sid:82078966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.213.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215859/; classtype:trojan-activity;sid:82078959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.35.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215857/; classtype:trojan-activity;sid:82078957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.225.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215856/; classtype:trojan-activity;sid:82078956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.32.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215854/; classtype:trojan-activity;sid:82078954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.91.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215853/; classtype:trojan-activity;sid:82078953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.100.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215845/; classtype:trojan-activity;sid:82078945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.122.175.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215844/; classtype:trojan-activity;sid:82078944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.215.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215842/; classtype:trojan-activity;sid:82078942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.131.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215843/; classtype:trojan-activity;sid:82078943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.95.136.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215838/; classtype:trojan-activity;sid:82078938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215839)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.126.11.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215839/; classtype:trojan-activity;sid:82078939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215840)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.190.160.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215840/; classtype:trojan-activity;sid:82078940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.108.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215836/; classtype:trojan-activity;sid:82078936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.146.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215834/; classtype:trojan-activity;sid:82078934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215833)"; flow:established,from_client; content:"GET"; http_method; content:"/bo.ppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.159.80.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215833/; classtype:trojan-activity;sid:82078933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.13.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215832/; classtype:trojan-activity;sid:82078932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.59.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215830/; classtype:trojan-activity;sid:82078930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.108.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215829/; classtype:trojan-activity;sid:82078929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.58.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215828/; classtype:trojan-activity;sid:82078928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215826)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.162.115.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215826/; classtype:trojan-activity;sid:82078926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.44.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215824/; classtype:trojan-activity;sid:82078924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.110.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215823/; classtype:trojan-activity;sid:82078923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.116.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215822/; classtype:trojan-activity;sid:82078922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.205.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215820/; classtype:trojan-activity;sid:82078920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.224.171.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215819/; classtype:trojan-activity;sid:82078919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.142.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215817/; classtype:trojan-activity;sid:82078917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.83.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215818/; classtype:trojan-activity;sid:82078918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.75.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215815/; classtype:trojan-activity;sid:82078915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.252.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215814/; classtype:trojan-activity;sid:82078914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.98.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215813/; classtype:trojan-activity;sid:82078913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.95.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215811/; classtype:trojan-activity;sid:82078911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.110.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215810/; classtype:trojan-activity;sid:82078910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.11.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215808/; classtype:trojan-activity;sid:82078908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.12.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215809/; classtype:trojan-activity;sid:82078909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.115.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215807/; classtype:trojan-activity;sid:82078907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.27.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215805/; classtype:trojan-activity;sid:82078905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.114.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215806/; classtype:trojan-activity;sid:82078906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.170.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215803/; classtype:trojan-activity;sid:82078903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.69.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215802/; classtype:trojan-activity;sid:82078902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.142.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215800/; classtype:trojan-activity;sid:82078900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.197.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215798/; classtype:trojan-activity;sid:82078898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.199.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215799/; classtype:trojan-activity;sid:82078899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215797)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.196.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215797/; classtype:trojan-activity;sid:82078897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.12.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215794/; classtype:trojan-activity;sid:82078894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.127.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215791/; classtype:trojan-activity;sid:82078891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.5.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215786/; classtype:trojan-activity;sid:82078886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.25.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215787/; classtype:trojan-activity;sid:82078887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.158.55.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215788/; classtype:trojan-activity;sid:82078888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.110.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215785/; classtype:trojan-activity;sid:82078885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.6.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215784/; classtype:trojan-activity;sid:82078884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.124.227.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215783/; classtype:trojan-activity;sid:82078883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.57.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215782/; classtype:trojan-activity;sid:82078882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.142.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215780/; classtype:trojan-activity;sid:82078880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.40.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215781/; classtype:trojan-activity;sid:82078881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.143.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215777/; classtype:trojan-activity;sid:82078877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.250.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215774/; classtype:trojan-activity;sid:82078874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.126.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215773/; classtype:trojan-activity;sid:82078873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.78.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215772/; classtype:trojan-activity;sid:82078872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.199.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215771/; classtype:trojan-activity;sid:82078871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.124.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215769/; classtype:trojan-activity;sid:82078869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.126.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215770/; classtype:trojan-activity;sid:82078870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.17.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215768/; classtype:trojan-activity;sid:82078868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.109.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215767/; classtype:trojan-activity;sid:82078867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.34.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215765/; classtype:trojan-activity;sid:82078865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.120.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215766/; classtype:trojan-activity;sid:82078866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.125.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215764/; classtype:trojan-activity;sid:82078864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.23.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215762/; classtype:trojan-activity;sid:82078862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.42.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215763/; classtype:trojan-activity;sid:82078863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.7.184.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215760/; classtype:trojan-activity;sid:82078860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.125.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215759/; classtype:trojan-activity;sid:82078859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.127.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215758/; classtype:trojan-activity;sid:82078858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.205.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215757/; classtype:trojan-activity;sid:82078857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.184.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215756/; classtype:trojan-activity;sid:82078856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.67.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215753/; classtype:trojan-activity;sid:82078853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.188.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215754/; classtype:trojan-activity;sid:82078854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.21.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215752/; classtype:trojan-activity;sid:82078852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.173.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215750/; classtype:trojan-activity;sid:82078850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.46.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215745/; classtype:trojan-activity;sid:82078845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.42.32.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215741/; classtype:trojan-activity;sid:82078841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.162.248.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215736/; classtype:trojan-activity;sid:82078836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.58.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215733/; classtype:trojan-activity;sid:82078833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.13.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215732/; classtype:trojan-activity;sid:82078832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.48.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215731/; classtype:trojan-activity;sid:82078831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.150.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215730/; classtype:trojan-activity;sid:82078830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.40.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215727/; classtype:trojan-activity;sid:82078827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.81.157.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215723/; classtype:trojan-activity;sid:82078823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.11.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215722/; classtype:trojan-activity;sid:82078822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.67.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215721/; classtype:trojan-activity;sid:82078821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.110.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215720/; classtype:trojan-activity;sid:82078820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.146.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215719/; classtype:trojan-activity;sid:82078819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.114.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215718/; classtype:trojan-activity;sid:82078818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.126.115.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215716/; classtype:trojan-activity;sid:82078816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.127.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215715/; classtype:trojan-activity;sid:82078815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.44.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215713/; classtype:trojan-activity;sid:82078813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.107.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215710/; classtype:trojan-activity;sid:82078810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.9.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215708/; classtype:trojan-activity;sid:82078808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.38.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215707/; classtype:trojan-activity;sid:82078807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.230.86.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215706/; classtype:trojan-activity;sid:82078806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.157.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215703/; classtype:trojan-activity;sid:82078803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.192.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215704/; classtype:trojan-activity;sid:82078804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.6.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215701/; classtype:trojan-activity;sid:82078801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.83.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215700/; classtype:trojan-activity;sid:82078800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.143.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215698/; classtype:trojan-activity;sid:82078798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215697)"; flow:established,from_client; content:"GET"; http_method; content:"/favico/mna.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vespang.ga"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215697/; classtype:trojan-activity;sid:82078797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.244.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215696/; classtype:trojan-activity;sid:82078796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.52.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215694/; classtype:trojan-activity;sid:82078794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.61.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215692/; classtype:trojan-activity;sid:82078792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.123.221.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215691/; classtype:trojan-activity;sid:82078791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.10.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215690/; classtype:trojan-activity;sid:82078790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.52.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215689/; classtype:trojan-activity;sid:82078789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.142.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215686/; classtype:trojan-activity;sid:82078786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.36.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215684/; classtype:trojan-activity;sid:82078784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.151.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215685/; classtype:trojan-activity;sid:82078785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.49.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215682/; classtype:trojan-activity;sid:82078782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.86.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215681/; classtype:trojan-activity;sid:82078781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.115.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215680/; classtype:trojan-activity;sid:82078780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.17.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215678/; classtype:trojan-activity;sid:82078778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.81.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215674/; classtype:trojan-activity;sid:82078774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.40.182.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215672/; classtype:trojan-activity;sid:82078772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.25.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215671/; classtype:trojan-activity;sid:82078771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.16.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215669/; classtype:trojan-activity;sid:82078769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.206.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215670/; classtype:trojan-activity;sid:82078770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.209.126.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215668/; classtype:trojan-activity;sid:82078768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.97.135.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215665/; classtype:trojan-activity;sid:82078765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.3.40.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215666/; classtype:trojan-activity;sid:82078766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.87.32.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215667/; classtype:trojan-activity;sid:82078767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.178.92.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215659/; classtype:trojan-activity;sid:82078759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.88.208.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215658/; classtype:trojan-activity;sid:82078758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.99.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215657/; classtype:trojan-activity;sid:82078757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.64.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215656/; classtype:trojan-activity;sid:82078756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.52.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215654/; classtype:trojan-activity;sid:82078754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.127.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215653/; classtype:trojan-activity;sid:82078753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.62.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215652/; classtype:trojan-activity;sid:82078752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.51.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215651/; classtype:trojan-activity;sid:82078751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.144.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215649/; classtype:trojan-activity;sid:82078749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.50.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215647/; classtype:trojan-activity;sid:82078747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.89.69.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215644/; classtype:trojan-activity;sid:82078744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.157.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215645/; classtype:trojan-activity;sid:82078745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.6.254.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215640/; classtype:trojan-activity;sid:82078740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.77.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215642/; classtype:trojan-activity;sid:82078742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.170.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215643/; classtype:trojan-activity;sid:82078743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.56.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215639/; classtype:trojan-activity;sid:82078739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.246.168.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215638/; classtype:trojan-activity;sid:82078738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.204.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215636/; classtype:trojan-activity;sid:82078736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.93.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215637/; classtype:trojan-activity;sid:82078737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.100.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215635/; classtype:trojan-activity;sid:82078735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.40.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215634/; classtype:trojan-activity;sid:82078734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.31.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215632/; classtype:trojan-activity;sid:82078732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.162.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215631/; classtype:trojan-activity;sid:82078731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.108.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215628/; classtype:trojan-activity;sid:82078728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.58.238.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215629/; classtype:trojan-activity;sid:82078729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.104.95.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215630/; classtype:trojan-activity;sid:82078730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.32.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215626/; classtype:trojan-activity;sid:82078726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.128.192.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215624/; classtype:trojan-activity;sid:82078724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.86.75.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215623/; classtype:trojan-activity;sid:82078723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.164.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215621/; classtype:trojan-activity;sid:82078721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.118.15.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215617/; classtype:trojan-activity;sid:82078717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.90.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215612/; classtype:trojan-activity;sid:82078712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.155.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215613/; classtype:trojan-activity;sid:82078713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.61.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215614/; classtype:trojan-activity;sid:82078714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.170.85.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215611/; classtype:trojan-activity;sid:82078711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.124.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215610/; classtype:trojan-activity;sid:82078710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.30.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215609/; classtype:trojan-activity;sid:82078709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.114.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215608/; classtype:trojan-activity;sid:82078708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.144.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215606/; classtype:trojan-activity;sid:82078706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.34.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215605/; classtype:trojan-activity;sid:82078705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.116.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215603/; classtype:trojan-activity;sid:82078703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.40.83.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215604/; classtype:trojan-activity;sid:82078704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.168.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215602/; classtype:trojan-activity;sid:82078702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.18.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215601/; classtype:trojan-activity;sid:82078701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.76.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215599/; classtype:trojan-activity;sid:82078699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.151.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215600/; classtype:trojan-activity;sid:82078700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.198.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215598/; classtype:trojan-activity;sid:82078698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.101.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215595/; classtype:trojan-activity;sid:82078695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.82.49.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215596/; classtype:trojan-activity;sid:82078696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.172.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215594/; classtype:trojan-activity;sid:82078694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.213.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215593/; classtype:trojan-activity;sid:82078693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.26.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215592/; classtype:trojan-activity;sid:82078692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.64.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215590/; classtype:trojan-activity;sid:82078690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.136.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215589/; classtype:trojan-activity;sid:82078689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.17.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215586/; classtype:trojan-activity;sid:82078686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.160.126.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215587/; classtype:trojan-activity;sid:82078687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.86.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215582/; classtype:trojan-activity;sid:82078682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.71.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215583/; classtype:trojan-activity;sid:82078683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.139.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215584/; classtype:trojan-activity;sid:82078684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.102.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215581/; classtype:trojan-activity;sid:82078681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.23.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215580/; classtype:trojan-activity;sid:82078680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.108.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215579/; classtype:trojan-activity;sid:82078679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.75.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215578/; classtype:trojan-activity;sid:82078678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.101.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215577/; classtype:trojan-activity;sid:82078677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.130.101.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215573/; classtype:trojan-activity;sid:82078673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.216.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215574/; classtype:trojan-activity;sid:82078674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.126.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215572/; classtype:trojan-activity;sid:82078672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.50.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215568/; classtype:trojan-activity;sid:82078668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.172.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215569/; classtype:trojan-activity;sid:82078669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.118.166.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215562/; classtype:trojan-activity;sid:82078662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.3.156.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215560/; classtype:trojan-activity;sid:82078660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.95.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215557/; classtype:trojan-activity;sid:82078657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.246.223.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215558/; classtype:trojan-activity;sid:82078658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.62.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215554/; classtype:trojan-activity;sid:82078654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.3.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215552/; classtype:trojan-activity;sid:82078652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.19.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215551/; classtype:trojan-activity;sid:82078651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.227.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215548/; classtype:trojan-activity;sid:82078648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.226.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215549/; classtype:trojan-activity;sid:82078649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.236.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215550/; classtype:trojan-activity;sid:82078650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.124.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215547/; classtype:trojan-activity;sid:82078647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.121.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215545/; classtype:trojan-activity;sid:82078645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.52.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215543/; classtype:trojan-activity;sid:82078643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.198.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215544/; classtype:trojan-activity;sid:82078644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.164.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215541/; classtype:trojan-activity;sid:82078641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.210.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215538/; classtype:trojan-activity;sid:82078638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.155.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215536/; classtype:trojan-activity;sid:82078636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.172.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215532/; classtype:trojan-activity;sid:82078632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.34.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215531/; classtype:trojan-activity;sid:82078631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.179.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215530/; classtype:trojan-activity;sid:82078630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.185.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215529/; classtype:trojan-activity;sid:82078629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.72.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215524/; classtype:trojan-activity;sid:82078624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.158.55.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215523/; classtype:trojan-activity;sid:82078623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.68.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215522/; classtype:trojan-activity;sid:82078622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.95.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215521/; classtype:trojan-activity;sid:82078621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.35.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215519/; classtype:trojan-activity;sid:82078619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.163.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215517/; classtype:trojan-activity;sid:82078617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.250.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215516/; classtype:trojan-activity;sid:82078616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.121.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215514/; classtype:trojan-activity;sid:82078614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.7.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215512/; classtype:trojan-activity;sid:82078612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.208.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215513/; classtype:trojan-activity;sid:82078613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.90.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215511/; classtype:trojan-activity;sid:82078611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.102.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215510/; classtype:trojan-activity;sid:82078610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.116.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215509/; classtype:trojan-activity;sid:82078609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.92.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215508/; classtype:trojan-activity;sid:82078608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.98.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215505/; classtype:trojan-activity;sid:82078605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.98.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215504/; classtype:trojan-activity;sid:82078604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.75.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215503/; classtype:trojan-activity;sid:82078603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.220.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215502/; classtype:trojan-activity;sid:82078602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.202.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215501/; classtype:trojan-activity;sid:82078601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.217.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215498/; classtype:trojan-activity;sid:82078598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.202.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215497/; classtype:trojan-activity;sid:82078597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.165.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215494/; classtype:trojan-activity;sid:82078594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.232.113.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215495/; classtype:trojan-activity;sid:82078595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.151.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215492/; classtype:trojan-activity;sid:82078592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.205.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215493/; classtype:trojan-activity;sid:82078593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.87.126.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215491/; classtype:trojan-activity;sid:82078591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.227.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215489/; classtype:trojan-activity;sid:82078589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.20.3.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215488/; classtype:trojan-activity;sid:82078588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.14.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215487/; classtype:trojan-activity;sid:82078587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.87.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215486/; classtype:trojan-activity;sid:82078586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.201.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215482/; classtype:trojan-activity;sid:82078582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.114.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215481/; classtype:trojan-activity;sid:82078581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215480)"; flow:established,from_client; content:"GET"; http_method; content:"/gunns/effot/thyo2q4wxpxmkju.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"vespang.ga"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215480/; classtype:trojan-activity;sid:82078580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.192.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215479/; classtype:trojan-activity;sid:82078579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.78.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215478/; classtype:trojan-activity;sid:82078578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.50.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215476/; classtype:trojan-activity;sid:82078576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.50.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215474/; classtype:trojan-activity;sid:82078574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.125.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215475/; classtype:trojan-activity;sid:82078575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215473)"; flow:established,from_client; content:"GET"; http_method; content:"/ok.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lacasadepapel0x0.s3-ap-southeast-1.amazonaws.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215473/; classtype:trojan-activity;sid:82078573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215472)"; flow:established,from_client; content:"GET"; http_method; content:"/gunns/pop/tuudajpotjvbvlb.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vespang.ga"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215472/; classtype:trojan-activity;sid:82078572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215471)"; flow:established,from_client; content:"GET"; http_method; content:"/gunns/jas/qi7c2elxsuxf0ob.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vespang.ga"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215471/; classtype:trojan-activity;sid:82078571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.110.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215470/; classtype:trojan-activity;sid:82078570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215469)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=cc8e780854d8644c|7c|26|7c|resid=cc8e780854d8644c%21108|7c|26|7c|authkey=apbpcr_4jw1-mie"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215469/; classtype:trojan-activity;sid:82078569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.56.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215468/; classtype:trojan-activity;sid:82078568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.86.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215466/; classtype:trojan-activity;sid:82078566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.41.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215467/; classtype:trojan-activity;sid:82078567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.85.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215465/; classtype:trojan-activity;sid:82078565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.68.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215463/; classtype:trojan-activity;sid:82078563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215461)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.180.217.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215461/; classtype:trojan-activity;sid:82078561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.89.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215462/; classtype:trojan-activity;sid:82078562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.34.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215460/; classtype:trojan-activity;sid:82078560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.58.174.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215459/; classtype:trojan-activity;sid:82078559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.109.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215456/; classtype:trojan-activity;sid:82078556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.207.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215452/; classtype:trojan-activity;sid:82078552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.43.173.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215451/; classtype:trojan-activity;sid:82078551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.232.204.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215450/; classtype:trojan-activity;sid:82078550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.117.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215449/; classtype:trojan-activity;sid:82078549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215447)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.11.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215447/; classtype:trojan-activity;sid:82078547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.161.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215445/; classtype:trojan-activity;sid:82078545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.179.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215439/; classtype:trojan-activity;sid:82078539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.17.165.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215440/; classtype:trojan-activity;sid:82078540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.119.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215438/; classtype:trojan-activity;sid:82078538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.132.169.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215437/; classtype:trojan-activity;sid:82078537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.68.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215436/; classtype:trojan-activity;sid:82078536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.9.244.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215435/; classtype:trojan-activity;sid:82078535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.24.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215434/; classtype:trojan-activity;sid:82078534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.30.214.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215430/; classtype:trojan-activity;sid:82078530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.182.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215428/; classtype:trojan-activity;sid:82078528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.85.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215426/; classtype:trojan-activity;sid:82078526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.51.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215425/; classtype:trojan-activity;sid:82078525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.55.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215424/; classtype:trojan-activity;sid:82078524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.2.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215423/; classtype:trojan-activity;sid:82078523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.107.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215421/; classtype:trojan-activity;sid:82078521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.47.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215420/; classtype:trojan-activity;sid:82078520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.116.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215419/; classtype:trojan-activity;sid:82078519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.169.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215417/; classtype:trojan-activity;sid:82078517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.10.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215418/; classtype:trojan-activity;sid:82078518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.6.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215413/; classtype:trojan-activity;sid:82078513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.47.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215414/; classtype:trojan-activity;sid:82078514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.50.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215415/; classtype:trojan-activity;sid:82078515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.248.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215416/; classtype:trojan-activity;sid:82078516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.191.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215410/; classtype:trojan-activity;sid:82078510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.179.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215407/; classtype:trojan-activity;sid:82078507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.45.49.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215401/; classtype:trojan-activity;sid:82078501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215400)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/zephyr/ialfumybf6fqhqc5.jpg"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"tracker-one.com.au"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215400/; classtype:trojan-activity;sid:82078500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"68.148.103.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215398/; classtype:trojan-activity;sid:82078498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215395)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.174.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215395/; classtype:trojan-activity;sid:82078495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215393)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.117.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215393/; classtype:trojan-activity;sid:82078493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.176.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215391/; classtype:trojan-activity;sid:82078491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215390)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.249.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215390/; classtype:trojan-activity;sid:82078490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.134.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215388/; classtype:trojan-activity;sid:82078488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215387)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.211.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215387/; classtype:trojan-activity;sid:82078487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.49.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215384/; classtype:trojan-activity;sid:82078484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215385)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.79.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215385/; classtype:trojan-activity;sid:82078485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.89.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215382/; classtype:trojan-activity;sid:82078482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.42.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215381/; classtype:trojan-activity;sid:82078481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.116.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215378/; classtype:trojan-activity;sid:82078478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.103.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215379/; classtype:trojan-activity;sid:82078479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.68.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215376/; classtype:trojan-activity;sid:82078476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.9.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215377/; classtype:trojan-activity;sid:82078477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.118.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215375/; classtype:trojan-activity;sid:82078475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.42.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215373/; classtype:trojan-activity;sid:82078473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.4.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215371/; classtype:trojan-activity;sid:82078471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.102.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215368/; classtype:trojan-activity;sid:82078468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.192.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215369/; classtype:trojan-activity;sid:82078469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.86.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215367/; classtype:trojan-activity;sid:82078467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.132.169.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215363/; classtype:trojan-activity;sid:82078463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.83.187.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215362/; classtype:trojan-activity;sid:82078462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.56.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215361/; classtype:trojan-activity;sid:82078461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.183.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215359/; classtype:trojan-activity;sid:82078459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.135.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215360/; classtype:trojan-activity;sid:82078460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.197.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215358/; classtype:trojan-activity;sid:82078458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215354)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.81.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215354/; classtype:trojan-activity;sid:82078454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215353)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.32.83.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215353/; classtype:trojan-activity;sid:82078453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215352)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.73.153.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215352/; classtype:trojan-activity;sid:82078452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.78.197.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215351/; classtype:trojan-activity;sid:82078451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.160.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215348/; classtype:trojan-activity;sid:82078448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215349)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.138.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215349/; classtype:trojan-activity;sid:82078449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.113.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215350/; classtype:trojan-activity;sid:82078450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.242.158.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215346/; classtype:trojan-activity;sid:82078446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.9.244.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215345/; classtype:trojan-activity;sid:82078445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.24.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215344/; classtype:trojan-activity;sid:82078444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.150.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215341/; classtype:trojan-activity;sid:82078441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.148.103.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215340/; classtype:trojan-activity;sid:82078440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.21.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215339/; classtype:trojan-activity;sid:82078439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.61.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215338/; classtype:trojan-activity;sid:82078438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.141.159.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215337/; classtype:trojan-activity;sid:82078437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215334)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.153.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215334/; classtype:trojan-activity;sid:82078434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.200.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215331/; classtype:trojan-activity;sid:82078431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.58.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215328/; classtype:trojan-activity;sid:82078428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.202.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215329/; classtype:trojan-activity;sid:82078429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215330)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.227.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215330/; classtype:trojan-activity;sid:82078430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.124.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215327/; classtype:trojan-activity;sid:82078427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.214.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215326/; classtype:trojan-activity;sid:82078426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.62.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215323/; classtype:trojan-activity;sid:82078423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.91.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215322/; classtype:trojan-activity;sid:82078422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.13.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215321/; classtype:trojan-activity;sid:82078421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.30.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215316/; classtype:trojan-activity;sid:82078416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.240.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215314/; classtype:trojan-activity;sid:82078414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.250.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215312/; classtype:trojan-activity;sid:82078412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.29.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215313/; classtype:trojan-activity;sid:82078413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.91.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215309/; classtype:trojan-activity;sid:82078409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.35.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215306/; classtype:trojan-activity;sid:82078406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.50.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215307/; classtype:trojan-activity;sid:82078407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.91.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215308/; classtype:trojan-activity;sid:82078408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.122.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215302/; classtype:trojan-activity;sid:82078402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.3.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215304/; classtype:trojan-activity;sid:82078404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.236.132.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215301/; classtype:trojan-activity;sid:82078401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.105.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215300/; classtype:trojan-activity;sid:82078400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.237.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215297/; classtype:trojan-activity;sid:82078397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.148.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215294/; classtype:trojan-activity;sid:82078394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.21.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215284/; classtype:trojan-activity;sid:82078384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.53.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215283/; classtype:trojan-activity;sid:82078383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.23.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215282/; classtype:trojan-activity;sid:82078382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.216.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215277/; classtype:trojan-activity;sid:82078377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.44.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215276/; classtype:trojan-activity;sid:82078376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.86.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215275/; classtype:trojan-activity;sid:82078375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215270)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.64.162.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215270/; classtype:trojan-activity;sid:82078370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.62.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215268/; classtype:trojan-activity;sid:82078368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.98.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215265/; classtype:trojan-activity;sid:82078365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.53.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215266/; classtype:trojan-activity;sid:82078366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.114.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215262/; classtype:trojan-activity;sid:82078362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.124.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215260/; classtype:trojan-activity;sid:82078360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.122.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215261/; classtype:trojan-activity;sid:82078361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.95.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215258/; classtype:trojan-activity;sid:82078358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.119.223.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215257/; classtype:trojan-activity;sid:82078357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.51.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215256/; classtype:trojan-activity;sid:82078356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.165.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215255/; classtype:trojan-activity;sid:82078355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.220.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215253/; classtype:trojan-activity;sid:82078353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.164.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215254/; classtype:trojan-activity;sid:82078354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.100.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215252/; classtype:trojan-activity;sid:82078352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.101.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215250/; classtype:trojan-activity;sid:82078350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.14.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215249/; classtype:trojan-activity;sid:82078349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.104.238.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215247/; classtype:trojan-activity;sid:82078347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.126.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215248/; classtype:trojan-activity;sid:82078348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.94.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215246/; classtype:trojan-activity;sid:82078346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.50.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215244/; classtype:trojan-activity;sid:82078344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.146.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215242/; classtype:trojan-activity;sid:82078342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.73.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215240/; classtype:trojan-activity;sid:82078340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.174.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215236/; classtype:trojan-activity;sid:82078336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.148.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215234/; classtype:trojan-activity;sid:82078334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.138.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215233/; classtype:trojan-activity;sid:82078333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215231)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.97.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215231/; classtype:trojan-activity;sid:82078331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.145.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215229/; classtype:trojan-activity;sid:82078329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.27.87.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215230/; classtype:trojan-activity;sid:82078330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.4.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215227/; classtype:trojan-activity;sid:82078327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215228)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.3.40.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215228/; classtype:trojan-activity;sid:82078328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.221.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215225/; classtype:trojan-activity;sid:82078325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215223)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.108.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215223/; classtype:trojan-activity;sid:82078323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215224)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.244.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215224/; classtype:trojan-activity;sid:82078324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.164.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215222/; classtype:trojan-activity;sid:82078322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215219)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.84.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215219/; classtype:trojan-activity;sid:82078319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.205.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215220/; classtype:trojan-activity;sid:82078320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.214.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215218/; classtype:trojan-activity;sid:82078318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.210.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215215/; classtype:trojan-activity;sid:82078315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.176.161.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215214/; classtype:trojan-activity;sid:82078314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.239.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215213/; classtype:trojan-activity;sid:82078313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.207.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215211/; classtype:trojan-activity;sid:82078311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.196.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215209/; classtype:trojan-activity;sid:82078309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.85.93.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215207/; classtype:trojan-activity;sid:82078307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.183.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215206/; classtype:trojan-activity;sid:82078306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.60.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215205/; classtype:trojan-activity;sid:82078305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.62.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215204/; classtype:trojan-activity;sid:82078304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.68.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215203/; classtype:trojan-activity;sid:82078303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.66.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215201/; classtype:trojan-activity;sid:82078301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.116.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215198/; classtype:trojan-activity;sid:82078298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.177.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215196/; classtype:trojan-activity;sid:82078296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.242.167.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215194/; classtype:trojan-activity;sid:82078294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.98.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215193/; classtype:trojan-activity;sid:82078293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.16.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215190/; classtype:trojan-activity;sid:82078290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.72.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215189/; classtype:trojan-activity;sid:82078289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.164.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215185/; classtype:trojan-activity;sid:82078285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215186)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.5.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215186/; classtype:trojan-activity;sid:82078286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.21.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215187/; classtype:trojan-activity;sid:82078287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215188)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.199.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215188/; classtype:trojan-activity;sid:82078288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.116.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215183/; classtype:trojan-activity;sid:82078283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.4.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215184/; classtype:trojan-activity;sid:82078284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.18.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215182/; classtype:trojan-activity;sid:82078282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215180/; classtype:trojan-activity;sid:82078280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.252.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215179/; classtype:trojan-activity;sid:82078279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.87.176.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215178/; classtype:trojan-activity;sid:82078278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.207.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215174/; classtype:trojan-activity;sid:82078274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.237.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215172/; classtype:trojan-activity;sid:82078272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.132.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215171/; classtype:trojan-activity;sid:82078271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.3.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215170/; classtype:trojan-activity;sid:82078270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.233.236.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215165/; classtype:trojan-activity;sid:82078265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.115.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215164/; classtype:trojan-activity;sid:82078264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.92.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215163/; classtype:trojan-activity;sid:82078263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.51.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215162/; classtype:trojan-activity;sid:82078262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.43.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215161/; classtype:trojan-activity;sid:82078261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215158)"; flow:established,from_client; content:"GET"; http_method; content:"/dirdir000/0s1s12.arm"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"193.47.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215158/; classtype:trojan-activity;sid:82078258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215159)"; flow:established,from_client; content:"GET"; http_method; content:"/dirdir000/0s1s12.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.47.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215159/; classtype:trojan-activity;sid:82078259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.53.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215156/; classtype:trojan-activity;sid:82078256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.69.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215155/; classtype:trojan-activity;sid:82078255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.46.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215154/; classtype:trojan-activity;sid:82078254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"99.225.1.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215153/; classtype:trojan-activity;sid:82078253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.87.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215152/; classtype:trojan-activity;sid:82078252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.234.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215151/; classtype:trojan-activity;sid:82078251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215149)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.248.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215149/; classtype:trojan-activity;sid:82078249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215147)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.174.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215147/; classtype:trojan-activity;sid:82078247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.84.44.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215144/; classtype:trojan-activity;sid:82078244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.182.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215145/; classtype:trojan-activity;sid:82078245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.22.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215146/; classtype:trojan-activity;sid:82078246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.45.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215142/; classtype:trojan-activity;sid:82078242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.227.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215141/; classtype:trojan-activity;sid:82078241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.252.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215140/; classtype:trojan-activity;sid:82078240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.51.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215136/; classtype:trojan-activity;sid:82078236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.61.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215138/; classtype:trojan-activity;sid:82078238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.75.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215134/; classtype:trojan-activity;sid:82078234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.13.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215133/; classtype:trojan-activity;sid:82078233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.162.110.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215131/; classtype:trojan-activity;sid:82078231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.106.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215130/; classtype:trojan-activity;sid:82078230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.111.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215129/; classtype:trojan-activity;sid:82078229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.119.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215126/; classtype:trojan-activity;sid:82078226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.3.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215128/; classtype:trojan-activity;sid:82078228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.49.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215123/; classtype:trojan-activity;sid:82078223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.41.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215124/; classtype:trojan-activity;sid:82078224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.205.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215125/; classtype:trojan-activity;sid:82078225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215121)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.191.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215121/; classtype:trojan-activity;sid:82078221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.40.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215114/; classtype:trojan-activity;sid:82078214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.62.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215113/; classtype:trojan-activity;sid:82078213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.92.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215112/; classtype:trojan-activity;sid:82078212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.103.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215111/; classtype:trojan-activity;sid:82078211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.61.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215110/; classtype:trojan-activity;sid:82078210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.74.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215109/; classtype:trojan-activity;sid:82078209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.125.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215108/; classtype:trojan-activity;sid:82078208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.124.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215107/; classtype:trojan-activity;sid:82078207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.113.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215106/; classtype:trojan-activity;sid:82078206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.71.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215104/; classtype:trojan-activity;sid:82078204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.68.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215102/; classtype:trojan-activity;sid:82078202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.124.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215103/; classtype:trojan-activity;sid:82078203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.120.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215101/; classtype:trojan-activity;sid:82078201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.55.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215099/; classtype:trojan-activity;sid:82078199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.172.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215098/; classtype:trojan-activity;sid:82078198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.116.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215095/; classtype:trojan-activity;sid:82078195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.137.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215096/; classtype:trojan-activity;sid:82078196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.115.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215097/; classtype:trojan-activity;sid:82078197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.164.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215093/; classtype:trojan-activity;sid:82078193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.199.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215094/; classtype:trojan-activity;sid:82078194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.184.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215092/; classtype:trojan-activity;sid:82078192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.51.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215091/; classtype:trojan-activity;sid:82078191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.220.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215090/; classtype:trojan-activity;sid:82078190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.230.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215089/; classtype:trojan-activity;sid:82078189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.197.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215086/; classtype:trojan-activity;sid:82078186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.73.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215087/; classtype:trojan-activity;sid:82078187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.12.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215083/; classtype:trojan-activity;sid:82078183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.53.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215081/; classtype:trojan-activity;sid:82078181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.210.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215082/; classtype:trojan-activity;sid:82078182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.50.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215078/; classtype:trojan-activity;sid:82078178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215075)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.116.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215075/; classtype:trojan-activity;sid:82078175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.231.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215073/; classtype:trojan-activity;sid:82078173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.72.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215072/; classtype:trojan-activity;sid:82078172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.107.113.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215070/; classtype:trojan-activity;sid:82078170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.18.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215067/; classtype:trojan-activity;sid:82078167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.72.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215066/; classtype:trojan-activity;sid:82078166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.20.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215062/; classtype:trojan-activity;sid:82078162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.163.119.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215063/; classtype:trojan-activity;sid:82078163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.160.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215064/; classtype:trojan-activity;sid:82078164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.229.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215065/; classtype:trojan-activity;sid:82078165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.125.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215060/; classtype:trojan-activity;sid:82078160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.31.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215061/; classtype:trojan-activity;sid:82078161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.83.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215059/; classtype:trojan-activity;sid:82078159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.19.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215057/; classtype:trojan-activity;sid:82078157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.51.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215053/; classtype:trojan-activity;sid:82078153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.37.140.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215054/; classtype:trojan-activity;sid:82078154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.66.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215052/; classtype:trojan-activity;sid:82078152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.71.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215051/; classtype:trojan-activity;sid:82078151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.195.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215048/; classtype:trojan-activity;sid:82078148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.198.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215047/; classtype:trojan-activity;sid:82078147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.251.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215043/; classtype:trojan-activity;sid:82078143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.41.191.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215044/; classtype:trojan-activity;sid:82078144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.193.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215039/; classtype:trojan-activity;sid:82078139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.251.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215036/; classtype:trojan-activity;sid:82078136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.49.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215035/; classtype:trojan-activity;sid:82078135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.124.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215034/; classtype:trojan-activity;sid:82078134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.165.122.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215032/; classtype:trojan-activity;sid:82078132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.103.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215031/; classtype:trojan-activity;sid:82078131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.90.187.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215030/; classtype:trojan-activity;sid:82078130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.64.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215029/; classtype:trojan-activity;sid:82078129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.12.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215028/; classtype:trojan-activity;sid:82078128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.145.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215027/; classtype:trojan-activity;sid:82078127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.61.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215026/; classtype:trojan-activity;sid:82078126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.113.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215025/; classtype:trojan-activity;sid:82078125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.89.193.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215024/; classtype:trojan-activity;sid:82078124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.114.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215023/; classtype:trojan-activity;sid:82078123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.209.208.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215020/; classtype:trojan-activity;sid:82078120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.142.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215022/; classtype:trojan-activity;sid:82078122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.140.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215017/; classtype:trojan-activity;sid:82078117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215014)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.42.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215014/; classtype:trojan-activity;sid:82078114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.225.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215011/; classtype:trojan-activity;sid:82078111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.123.156.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215012/; classtype:trojan-activity;sid:82078112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215013)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.44.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215013/; classtype:trojan-activity;sid:82078113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.231.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215010/; classtype:trojan-activity;sid:82078110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.186.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215008/; classtype:trojan-activity;sid:82078108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.167.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215009/; classtype:trojan-activity;sid:82078109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1215003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.15.91.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1215003/; classtype:trojan-activity;sid:82078103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.112.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214998/; classtype:trojan-activity;sid:82078098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.254.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214996/; classtype:trojan-activity;sid:82078096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.205.101.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214991/; classtype:trojan-activity;sid:82078091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.71.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214992/; classtype:trojan-activity;sid:82078092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.244.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214993/; classtype:trojan-activity;sid:82078093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.35.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214990/; classtype:trojan-activity;sid:82078090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.32.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214986/; classtype:trojan-activity;sid:82078086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.203.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214987/; classtype:trojan-activity;sid:82078087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.77.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214988/; classtype:trojan-activity;sid:82078088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.58.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214983/; classtype:trojan-activity;sid:82078083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.103.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214984/; classtype:trojan-activity;sid:82078084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.71.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214985/; classtype:trojan-activity;sid:82078085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.19.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214982/; classtype:trojan-activity;sid:82078082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.104.193.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214980/; classtype:trojan-activity;sid:82078080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.205.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214977/; classtype:trojan-activity;sid:82078077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.125.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214973/; classtype:trojan-activity;sid:82078073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.145.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214975/; classtype:trojan-activity;sid:82078075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.255.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214970/; classtype:trojan-activity;sid:82078070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.184.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214971/; classtype:trojan-activity;sid:82078071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.139.20.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214968/; classtype:trojan-activity;sid:82078068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.89.193.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214966/; classtype:trojan-activity;sid:82078066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.132.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214965/; classtype:trojan-activity;sid:82078065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.254.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214962/; classtype:trojan-activity;sid:82078062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.138.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214961/; classtype:trojan-activity;sid:82078061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.111.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214955/; classtype:trojan-activity;sid:82078055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.24.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214954/; classtype:trojan-activity;sid:82078054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.122.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214950/; classtype:trojan-activity;sid:82078050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.41.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214949/; classtype:trojan-activity;sid:82078049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.53.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214947/; classtype:trojan-activity;sid:82078047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.11.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214946/; classtype:trojan-activity;sid:82078046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.97.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214945/; classtype:trojan-activity;sid:82078045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.11.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214938/; classtype:trojan-activity;sid:82078038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.18.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214931/; classtype:trojan-activity;sid:82078031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.20.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214930/; classtype:trojan-activity;sid:82078030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.27.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214929/; classtype:trojan-activity;sid:82078029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.91.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214927/; classtype:trojan-activity;sid:82078027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.63.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214923/; classtype:trojan-activity;sid:82078023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.163.115.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214922/; classtype:trojan-activity;sid:82078022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.127.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214921/; classtype:trojan-activity;sid:82078021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.76.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214920/; classtype:trojan-activity;sid:82078020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.244.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214918/; classtype:trojan-activity;sid:82078018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.180.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214919/; classtype:trojan-activity;sid:82078019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.5.31.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214917/; classtype:trojan-activity;sid:82078017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214916)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.78.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214916/; classtype:trojan-activity;sid:82078016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.101.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214914/; classtype:trojan-activity;sid:82078014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.79.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214915/; classtype:trojan-activity;sid:82078015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.185.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214913/; classtype:trojan-activity;sid:82078013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.172.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214911/; classtype:trojan-activity;sid:82078011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.133.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214912/; classtype:trojan-activity;sid:82078012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.174.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214907/; classtype:trojan-activity;sid:82078007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.233.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214905/; classtype:trojan-activity;sid:82078005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.221.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214904/; classtype:trojan-activity;sid:82078004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.112.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214895/; classtype:trojan-activity;sid:82077995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.168.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214894/; classtype:trojan-activity;sid:82077994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.48.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214893/; classtype:trojan-activity;sid:82077993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.110.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214891/; classtype:trojan-activity;sid:82077991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.169.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214889/; classtype:trojan-activity;sid:82077989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.85.99.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214888/; classtype:trojan-activity;sid:82077988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.187.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214885/; classtype:trojan-activity;sid:82077985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.85.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214884/; classtype:trojan-activity;sid:82077984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.117.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214882/; classtype:trojan-activity;sid:82077982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.96.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214879/; classtype:trojan-activity;sid:82077979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.67.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214878/; classtype:trojan-activity;sid:82077978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.145.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214876/; classtype:trojan-activity;sid:82077976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.10.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214875/; classtype:trojan-activity;sid:82077975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.18.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214874/; classtype:trojan-activity;sid:82077974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.118.183.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214873/; classtype:trojan-activity;sid:82077973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.86.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214871/; classtype:trojan-activity;sid:82077971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.62.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214872/; classtype:trojan-activity;sid:82077972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.241.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214868/; classtype:trojan-activity;sid:82077968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.1.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214869/; classtype:trojan-activity;sid:82077969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.71.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214870/; classtype:trojan-activity;sid:82077970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.127.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214867/; classtype:trojan-activity;sid:82077967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.61.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214866/; classtype:trojan-activity;sid:82077966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.70.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214865/; classtype:trojan-activity;sid:82077965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.174.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214864/; classtype:trojan-activity;sid:82077964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.11.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214862/; classtype:trojan-activity;sid:82077962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.172.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214863/; classtype:trojan-activity;sid:82077963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.191.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214859/; classtype:trojan-activity;sid:82077959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.4.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214857/; classtype:trojan-activity;sid:82077957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.129.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214856/; classtype:trojan-activity;sid:82077956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.147.37.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214855/; classtype:trojan-activity;sid:82077955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.122.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214854/; classtype:trojan-activity;sid:82077954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.89.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214853/; classtype:trojan-activity;sid:82077953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.10.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214851/; classtype:trojan-activity;sid:82077951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.175.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214852/; classtype:trojan-activity;sid:82077952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.83.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214850/; classtype:trojan-activity;sid:82077950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.244.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214849/; classtype:trojan-activity;sid:82077949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.206.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214848/; classtype:trojan-activity;sid:82077948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.107.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214842/; classtype:trojan-activity;sid:82077942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.160.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214837/; classtype:trojan-activity;sid:82077937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.86.145.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214834/; classtype:trojan-activity;sid:82077934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.40.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214835/; classtype:trojan-activity;sid:82077935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.133.176.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214832/; classtype:trojan-activity;sid:82077932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.56.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214830/; classtype:trojan-activity;sid:82077930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.124.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214829/; classtype:trojan-activity;sid:82077929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.178.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214827/; classtype:trojan-activity;sid:82077927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.61.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214823/; classtype:trojan-activity;sid:82077923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.126.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214822/; classtype:trojan-activity;sid:82077922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.85.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214821/; classtype:trojan-activity;sid:82077921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.21.94.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214820/; classtype:trojan-activity;sid:82077920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.124.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214815/; classtype:trojan-activity;sid:82077915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.146.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214812/; classtype:trojan-activity;sid:82077912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.101.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214810/; classtype:trojan-activity;sid:82077910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.40.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214808/; classtype:trojan-activity;sid:82077908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.127.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214805/; classtype:trojan-activity;sid:82077905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.137.52.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214806/; classtype:trojan-activity;sid:82077906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.165.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214802/; classtype:trojan-activity;sid:82077902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.217.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214800/; classtype:trojan-activity;sid:82077900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.221.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214801/; classtype:trojan-activity;sid:82077901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.115.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214799/; classtype:trojan-activity;sid:82077899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.37.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214798/; classtype:trojan-activity;sid:82077898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.225.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214794/; classtype:trojan-activity;sid:82077894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.149.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214791/; classtype:trojan-activity;sid:82077891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.134.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214789/; classtype:trojan-activity;sid:82077889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.237.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214788/; classtype:trojan-activity;sid:82077888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.204.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214786/; classtype:trojan-activity;sid:82077886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.216.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214784/; classtype:trojan-activity;sid:82077884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.129.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214782/; classtype:trojan-activity;sid:82077882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214781)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"107.172.248.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214781/; classtype:trojan-activity;sid:82077881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214777)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"107.172.248.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214777/; classtype:trojan-activity;sid:82077877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214778)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"107.172.248.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214778/; classtype:trojan-activity;sid:82077878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214779)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.52.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214779/; classtype:trojan-activity;sid:82077879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214780)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"107.172.248.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214780/; classtype:trojan-activity;sid:82077880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214775)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.52.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214775/; classtype:trojan-activity;sid:82077875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214774)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"209.141.52.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214774/; classtype:trojan-activity;sid:82077874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.8.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214769/; classtype:trojan-activity;sid:82077869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.82.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214768/; classtype:trojan-activity;sid:82077868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.7.49"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214765/; classtype:trojan-activity;sid:82077865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.145.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214763/; classtype:trojan-activity;sid:82077863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.222.220.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214760/; classtype:trojan-activity;sid:82077860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214761)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.isis"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"107.172.248.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214761/; classtype:trojan-activity;sid:82077861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214758)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"209.141.52.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214758/; classtype:trojan-activity;sid:82077858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214759)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"209.141.52.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214759/; classtype:trojan-activity;sid:82077859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.168.237.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214757/; classtype:trojan-activity;sid:82077857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.101.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214756/; classtype:trojan-activity;sid:82077856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214754)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"209.141.52.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214754/; classtype:trojan-activity;sid:82077854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214755)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"209.141.52.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214755/; classtype:trojan-activity;sid:82077855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.67.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214753/; classtype:trojan-activity;sid:82077853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.76.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214751/; classtype:trojan-activity;sid:82077851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214750)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.isis"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"107.172.248.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214750/; classtype:trojan-activity;sid:82077850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.116.107.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214747/; classtype:trojan-activity;sid:82077847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.122.107.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214743/; classtype:trojan-activity;sid:82077843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.41.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214744/; classtype:trojan-activity;sid:82077844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.125.40.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214745/; classtype:trojan-activity;sid:82077845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.173.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214742/; classtype:trojan-activity;sid:82077842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214740)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"107.172.248.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214740/; classtype:trojan-activity;sid:82077840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214739)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"107.172.248.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214739/; classtype:trojan-activity;sid:82077839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214736)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.52.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214736/; classtype:trojan-activity;sid:82077836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214737)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.52.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214737/; classtype:trojan-activity;sid:82077837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214738)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.isis"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"107.172.248.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214738/; classtype:trojan-activity;sid:82077838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214735)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"209.141.52.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214735/; classtype:trojan-activity;sid:82077835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214733)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.isis"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"107.172.248.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214733/; classtype:trojan-activity;sid:82077833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214734)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.isis"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"107.172.248.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214734/; classtype:trojan-activity;sid:82077834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214732)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"70.79.173.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214732/; classtype:trojan-activity;sid:82077832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.184.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214731/; classtype:trojan-activity;sid:82077831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214729)"; flow:established,from_client; content:"GET"; http_method; content:"/isis.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"107.172.248.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214729/; classtype:trojan-activity;sid:82077829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214730)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.141.52.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214730/; classtype:trojan-activity;sid:82077830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.120.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214726/; classtype:trojan-activity;sid:82077826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.216.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214725/; classtype:trojan-activity;sid:82077825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.86.18.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214721/; classtype:trojan-activity;sid:82077821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.140.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214720/; classtype:trojan-activity;sid:82077820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.182.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214719/; classtype:trojan-activity;sid:82077819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.212.234.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214717/; classtype:trojan-activity;sid:82077817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.194.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214718/; classtype:trojan-activity;sid:82077818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.98.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214716/; classtype:trojan-activity;sid:82077816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.51.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214715/; classtype:trojan-activity;sid:82077815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.10.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214714/; classtype:trojan-activity;sid:82077814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.103.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214713/; classtype:trojan-activity;sid:82077813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.219.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214712/; classtype:trojan-activity;sid:82077812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.83.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214711/; classtype:trojan-activity;sid:82077811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.51.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214710/; classtype:trojan-activity;sid:82077810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.244.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214709/; classtype:trojan-activity;sid:82077809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.28.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214707/; classtype:trojan-activity;sid:82077807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.166.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214703/; classtype:trojan-activity;sid:82077803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.38.184.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214700/; classtype:trojan-activity;sid:82077800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.87.145.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214699/; classtype:trojan-activity;sid:82077799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.87.97.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214698/; classtype:trojan-activity;sid:82077798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.105.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214696/; classtype:trojan-activity;sid:82077796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.22.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214693/; classtype:trojan-activity;sid:82077793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.180.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214691/; classtype:trojan-activity;sid:82077791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.52.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214689/; classtype:trojan-activity;sid:82077789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.243.20.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214687/; classtype:trojan-activity;sid:82077787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.102.252.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214688/; classtype:trojan-activity;sid:82077788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.102.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214685/; classtype:trojan-activity;sid:82077785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.94.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214683/; classtype:trojan-activity;sid:82077783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.111.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214681/; classtype:trojan-activity;sid:82077781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.78.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214680/; classtype:trojan-activity;sid:82077780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.7.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214676/; classtype:trojan-activity;sid:82077776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.192.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214675/; classtype:trojan-activity;sid:82077775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.195.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214673/; classtype:trojan-activity;sid:82077773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.141.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214670/; classtype:trojan-activity;sid:82077770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.53.4.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214668/; classtype:trojan-activity;sid:82077768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.220.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214667/; classtype:trojan-activity;sid:82077767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.84.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214666/; classtype:trojan-activity;sid:82077766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.139.33.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214664/; classtype:trojan-activity;sid:82077764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.112.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214663/; classtype:trojan-activity;sid:82077763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.70.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214660/; classtype:trojan-activity;sid:82077760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.171.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214656/; classtype:trojan-activity;sid:82077756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.100.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214659/; classtype:trojan-activity;sid:82077759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.77.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214655/; classtype:trojan-activity;sid:82077755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.120.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214652/; classtype:trojan-activity;sid:82077752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.106.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214651/; classtype:trojan-activity;sid:82077751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.56.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214649/; classtype:trojan-activity;sid:82077749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.194.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214644/; classtype:trojan-activity;sid:82077744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.55.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214645/; classtype:trojan-activity;sid:82077745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.211.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214643/; classtype:trojan-activity;sid:82077743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.184.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214642/; classtype:trojan-activity;sid:82077742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.175.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214639/; classtype:trojan-activity;sid:82077739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.45.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214636/; classtype:trojan-activity;sid:82077736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.212.238.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214634/; classtype:trojan-activity;sid:82077734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.254.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214635/; classtype:trojan-activity;sid:82077735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.30.39.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214633/; classtype:trojan-activity;sid:82077733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.1.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214632/; classtype:trojan-activity;sid:82077732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.108.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214630/; classtype:trojan-activity;sid:82077730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.97.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214629/; classtype:trojan-activity;sid:82077729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.206.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214627/; classtype:trojan-activity;sid:82077727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.251.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214623/; classtype:trojan-activity;sid:82077723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.8.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214621/; classtype:trojan-activity;sid:82077721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.125.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214622/; classtype:trojan-activity;sid:82077722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.68.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214617/; classtype:trojan-activity;sid:82077717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.236.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214618/; classtype:trojan-activity;sid:82077718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.82.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214619/; classtype:trojan-activity;sid:82077719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.173.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214615/; classtype:trojan-activity;sid:82077715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.123.156.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214614/; classtype:trojan-activity;sid:82077714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.170.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214613/; classtype:trojan-activity;sid:82077713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.79.4.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214610/; classtype:trojan-activity;sid:82077710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.103.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214612/; classtype:trojan-activity;sid:82077712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.252.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214609/; classtype:trojan-activity;sid:82077709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.246.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214606/; classtype:trojan-activity;sid:82077706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.73.205.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214605/; classtype:trojan-activity;sid:82077705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.64.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214604/; classtype:trojan-activity;sid:82077704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.84.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214602/; classtype:trojan-activity;sid:82077702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.112.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214601/; classtype:trojan-activity;sid:82077701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.1.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214600/; classtype:trojan-activity;sid:82077700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.87.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214596/; classtype:trojan-activity;sid:82077696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.174.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214595/; classtype:trojan-activity;sid:82077695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.146.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214593/; classtype:trojan-activity;sid:82077693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.81.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214592/; classtype:trojan-activity;sid:82077692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.247.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214586/; classtype:trojan-activity;sid:82077686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.19.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214587/; classtype:trojan-activity;sid:82077687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.49.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214585/; classtype:trojan-activity;sid:82077685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.97.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214580/; classtype:trojan-activity;sid:82077680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.13.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214581/; classtype:trojan-activity;sid:82077681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.244.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214576/; classtype:trojan-activity;sid:82077676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.225.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214574/; classtype:trojan-activity;sid:82077674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.243.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214572/; classtype:trojan-activity;sid:82077672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.239.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214568/; classtype:trojan-activity;sid:82077668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214566)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.174.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214566/; classtype:trojan-activity;sid:82077666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.69.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214567/; classtype:trojan-activity;sid:82077667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.177.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214564/; classtype:trojan-activity;sid:82077664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.87.87.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214565/; classtype:trojan-activity;sid:82077665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.60.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214561/; classtype:trojan-activity;sid:82077661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.201.218.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214562/; classtype:trojan-activity;sid:82077662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.23.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214563/; classtype:trojan-activity;sid:82077663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.139.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214560/; classtype:trojan-activity;sid:82077660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.156.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214558/; classtype:trojan-activity;sid:82077658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.102.252.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214557/; classtype:trojan-activity;sid:82077657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.103.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214556/; classtype:trojan-activity;sid:82077656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"206.174.81.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214554/; classtype:trojan-activity;sid:82077654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.72.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214553/; classtype:trojan-activity;sid:82077653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.174.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214552/; classtype:trojan-activity;sid:82077652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.151.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214548/; classtype:trojan-activity;sid:82077648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.134.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214546/; classtype:trojan-activity;sid:82077646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.116.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214547/; classtype:trojan-activity;sid:82077647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.19.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214544/; classtype:trojan-activity;sid:82077644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.66.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214540/; classtype:trojan-activity;sid:82077640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.29.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214541/; classtype:trojan-activity;sid:82077641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.64.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214542/; classtype:trojan-activity;sid:82077642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.252.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214539/; classtype:trojan-activity;sid:82077639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.216.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214535/; classtype:trojan-activity;sid:82077635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.82.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214534/; classtype:trojan-activity;sid:82077634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.198.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214527/; classtype:trojan-activity;sid:82077627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.6.159.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214526/; classtype:trojan-activity;sid:82077626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.215.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214523/; classtype:trojan-activity;sid:82077623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.82.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214522/; classtype:trojan-activity;sid:82077622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.114.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214521/; classtype:trojan-activity;sid:82077621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.25.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214520/; classtype:trojan-activity;sid:82077620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.10.146.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214517/; classtype:trojan-activity;sid:82077617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.169.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214513/; classtype:trojan-activity;sid:82077613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.81.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214514/; classtype:trojan-activity;sid:82077614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.20.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214510/; classtype:trojan-activity;sid:82077610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.176.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214509/; classtype:trojan-activity;sid:82077609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.192.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214507/; classtype:trojan-activity;sid:82077607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.72.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214506/; classtype:trojan-activity;sid:82077606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.37.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214505/; classtype:trojan-activity;sid:82077605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.28.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214502/; classtype:trojan-activity;sid:82077602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.25.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214500/; classtype:trojan-activity;sid:82077600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.122.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214501/; classtype:trojan-activity;sid:82077601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.61.69.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214497/; classtype:trojan-activity;sid:82077597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.172.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214495/; classtype:trojan-activity;sid:82077595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.167.27.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214494/; classtype:trojan-activity;sid:82077594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.193.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214492/; classtype:trojan-activity;sid:82077592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.26.41.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214488/; classtype:trojan-activity;sid:82077588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.81.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214489/; classtype:trojan-activity;sid:82077589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.149.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214490/; classtype:trojan-activity;sid:82077590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.100.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214487/; classtype:trojan-activity;sid:82077587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.5.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214486/; classtype:trojan-activity;sid:82077586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.115.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214485/; classtype:trojan-activity;sid:82077585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.44.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214484/; classtype:trojan-activity;sid:82077584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"206.174.81.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214482/; classtype:trojan-activity;sid:82077582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.13.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214481/; classtype:trojan-activity;sid:82077581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.161.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214479/; classtype:trojan-activity;sid:82077579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214473)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.88.85.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214473/; classtype:trojan-activity;sid:82077573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.56.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214471/; classtype:trojan-activity;sid:82077571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.78.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214470/; classtype:trojan-activity;sid:82077570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.127.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214467/; classtype:trojan-activity;sid:82077567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.204.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214468/; classtype:trojan-activity;sid:82077568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.106.103.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214465/; classtype:trojan-activity;sid:82077565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.158.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214464/; classtype:trojan-activity;sid:82077564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.87.32.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214459/; classtype:trojan-activity;sid:82077559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.104.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214457/; classtype:trojan-activity;sid:82077557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.12.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214451/; classtype:trojan-activity;sid:82077551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.136.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214450/; classtype:trojan-activity;sid:82077550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214447)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.234.197.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214447/; classtype:trojan-activity;sid:82077547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214446)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.202.245.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214446/; classtype:trojan-activity;sid:82077546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214436)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.64.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214436/; classtype:trojan-activity;sid:82077536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.96.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214434/; classtype:trojan-activity;sid:82077534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.44.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214430/; classtype:trojan-activity;sid:82077530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.160.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_10; reference:url, urlhaus.abuse.ch/url/1214429/; classtype:trojan-activity;sid:82077529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.110.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214428/; classtype:trojan-activity;sid:82077528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.161.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214427/; classtype:trojan-activity;sid:82077527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.123.225.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214426/; classtype:trojan-activity;sid:82077526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.109.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214423/; classtype:trojan-activity;sid:82077523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.13.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214424/; classtype:trojan-activity;sid:82077524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.221.222.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214425/; classtype:trojan-activity;sid:82077525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.5.103.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214422/; classtype:trojan-activity;sid:82077522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.80.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214421/; classtype:trojan-activity;sid:82077521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.139.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214420/; classtype:trojan-activity;sid:82077520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.140.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214419/; classtype:trojan-activity;sid:82077519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.95.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214418/; classtype:trojan-activity;sid:82077518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.155.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214417/; classtype:trojan-activity;sid:82077517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.64.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214416/; classtype:trojan-activity;sid:82077516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.206.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214413/; classtype:trojan-activity;sid:82077513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.86.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214414/; classtype:trojan-activity;sid:82077514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.248.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214415/; classtype:trojan-activity;sid:82077515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.92.254.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214411/; classtype:trojan-activity;sid:82077511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.52.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214412/; classtype:trojan-activity;sid:82077512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.47.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214410/; classtype:trojan-activity;sid:82077510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.169.36.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214409/; classtype:trojan-activity;sid:82077509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.83.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214408/; classtype:trojan-activity;sid:82077508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.72.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214407/; classtype:trojan-activity;sid:82077507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.48.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214406/; classtype:trojan-activity;sid:82077506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.124.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214405/; classtype:trojan-activity;sid:82077505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.50.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214404/; classtype:trojan-activity;sid:82077504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.202.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214403/; classtype:trojan-activity;sid:82077503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.189.13.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214401/; classtype:trojan-activity;sid:82077501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.175.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214402/; classtype:trojan-activity;sid:82077502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214397)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.217.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214397/; classtype:trojan-activity;sid:82077497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.1.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214398/; classtype:trojan-activity;sid:82077498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.77.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214399/; classtype:trojan-activity;sid:82077499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.8.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214400/; classtype:trojan-activity;sid:82077500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.202.114.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214396/; classtype:trojan-activity;sid:82077496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.118.12.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214394/; classtype:trojan-activity;sid:82077494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.115.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214395/; classtype:trojan-activity;sid:82077495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214393)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.127.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214393/; classtype:trojan-activity;sid:82077493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.62.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214392/; classtype:trojan-activity;sid:82077492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.160.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214391/; classtype:trojan-activity;sid:82077491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.51.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214390/; classtype:trojan-activity;sid:82077490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.92.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214389/; classtype:trojan-activity;sid:82077489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.136.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214388/; classtype:trojan-activity;sid:82077488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.43.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214387/; classtype:trojan-activity;sid:82077487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.43.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214385/; classtype:trojan-activity;sid:82077485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.99.222.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214386/; classtype:trojan-activity;sid:82077486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.84.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214384/; classtype:trojan-activity;sid:82077484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.48.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214383/; classtype:trojan-activity;sid:82077483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.18.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214381/; classtype:trojan-activity;sid:82077481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.180.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214382/; classtype:trojan-activity;sid:82077482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214380)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.95.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214380/; classtype:trojan-activity;sid:82077480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.153.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214378/; classtype:trojan-activity;sid:82077478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.110.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214379/; classtype:trojan-activity;sid:82077479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.173.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214374/; classtype:trojan-activity;sid:82077474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.168.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214375/; classtype:trojan-activity;sid:82077475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.170.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214376/; classtype:trojan-activity;sid:82077476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.20.135"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214377/; classtype:trojan-activity;sid:82077477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.157.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214373/; classtype:trojan-activity;sid:82077473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214372)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.49.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214372/; classtype:trojan-activity;sid:82077472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.34.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214370/; classtype:trojan-activity;sid:82077470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214371)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.136.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214371/; classtype:trojan-activity;sid:82077471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.226.60.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214369/; classtype:trojan-activity;sid:82077469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.44.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214368/; classtype:trojan-activity;sid:82077468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.77.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214367/; classtype:trojan-activity;sid:82077467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.106.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214365/; classtype:trojan-activity;sid:82077465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.88.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214366/; classtype:trojan-activity;sid:82077466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.50.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214362/; classtype:trojan-activity;sid:82077462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.227.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214363/; classtype:trojan-activity;sid:82077463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.101.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214364/; classtype:trojan-activity;sid:82077464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.73.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214361/; classtype:trojan-activity;sid:82077461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.30.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214359/; classtype:trojan-activity;sid:82077459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.86.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214360/; classtype:trojan-activity;sid:82077460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.86.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214358/; classtype:trojan-activity;sid:82077458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.11.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214357/; classtype:trojan-activity;sid:82077457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214356)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.44.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214356/; classtype:trojan-activity;sid:82077456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.133.252.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214355/; classtype:trojan-activity;sid:82077455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214354)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.191.216.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214354/; classtype:trojan-activity;sid:82077454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214353)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.86.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214353/; classtype:trojan-activity;sid:82077453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214352)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.14.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214352/; classtype:trojan-activity;sid:82077452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.86.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214350/; classtype:trojan-activity;sid:82077450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.205.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214351/; classtype:trojan-activity;sid:82077451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214349)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.168.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214349/; classtype:trojan-activity;sid:82077449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.221.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214347/; classtype:trojan-activity;sid:82077447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.167.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214348/; classtype:trojan-activity;sid:82077448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.131.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214345/; classtype:trojan-activity;sid:82077445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.47.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214346/; classtype:trojan-activity;sid:82077446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.217.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214344/; classtype:trojan-activity;sid:82077444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.165.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214343/; classtype:trojan-activity;sid:82077443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.99.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214342/; classtype:trojan-activity;sid:82077442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.70.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214341/; classtype:trojan-activity;sid:82077441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.225.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214340/; classtype:trojan-activity;sid:82077440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.221.222.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214339/; classtype:trojan-activity;sid:82077439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.95.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214338/; classtype:trojan-activity;sid:82077438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.180.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214337/; classtype:trojan-activity;sid:82077437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.197.34.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214336/; classtype:trojan-activity;sid:82077436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.185.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214335/; classtype:trojan-activity;sid:82077435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214333)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.90.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214333/; classtype:trojan-activity;sid:82077433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214334)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.45.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214334/; classtype:trojan-activity;sid:82077434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214332)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.227.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214332/; classtype:trojan-activity;sid:82077432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.214.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214331/; classtype:trojan-activity;sid:82077431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214330)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.78.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214330/; classtype:trojan-activity;sid:82077430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.44.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214328/; classtype:trojan-activity;sid:82077428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.112.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214329/; classtype:trojan-activity;sid:82077429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.23.9.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214326/; classtype:trojan-activity;sid:82077426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.54.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214327/; classtype:trojan-activity;sid:82077427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.58.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214325/; classtype:trojan-activity;sid:82077425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.74.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214324/; classtype:trojan-activity;sid:82077424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.0.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214323/; classtype:trojan-activity;sid:82077423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.74.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214322/; classtype:trojan-activity;sid:82077422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.101.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214321/; classtype:trojan-activity;sid:82077421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.132.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214320/; classtype:trojan-activity;sid:82077420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.67.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214317/; classtype:trojan-activity;sid:82077417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.75.249.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214318/; classtype:trojan-activity;sid:82077418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.97.143.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214319/; classtype:trojan-activity;sid:82077419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.201.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214314/; classtype:trojan-activity;sid:82077414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.6.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214315/; classtype:trojan-activity;sid:82077415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.167.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214316/; classtype:trojan-activity;sid:82077416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.209.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214313/; classtype:trojan-activity;sid:82077413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.97.139.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214312/; classtype:trojan-activity;sid:82077412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.111.163.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214311/; classtype:trojan-activity;sid:82077411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.119.245.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214310/; classtype:trojan-activity;sid:82077410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.254.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214309/; classtype:trojan-activity;sid:82077409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.51.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214308/; classtype:trojan-activity;sid:82077408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.62.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214307/; classtype:trojan-activity;sid:82077407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.98.15.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214306/; classtype:trojan-activity;sid:82077406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.99.222.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214305/; classtype:trojan-activity;sid:82077405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.144.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214304/; classtype:trojan-activity;sid:82077404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.18.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214303/; classtype:trojan-activity;sid:82077403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.26.226.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214302/; classtype:trojan-activity;sid:82077402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.153.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214300/; classtype:trojan-activity;sid:82077400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.147.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214301/; classtype:trojan-activity;sid:82077401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.241.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214298/; classtype:trojan-activity;sid:82077398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.92.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214299/; classtype:trojan-activity;sid:82077399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.73.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214297/; classtype:trojan-activity;sid:82077397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.50.129.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214296/; classtype:trojan-activity;sid:82077396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.30.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214294/; classtype:trojan-activity;sid:82077394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.17.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214295/; classtype:trojan-activity;sid:82077395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.113.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214293/; classtype:trojan-activity;sid:82077393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.230.31.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214292/; classtype:trojan-activity;sid:82077392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.131.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214290/; classtype:trojan-activity;sid:82077390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.3.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214291/; classtype:trojan-activity;sid:82077391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.254.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214289/; classtype:trojan-activity;sid:82077389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.86.21.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214287/; classtype:trojan-activity;sid:82077387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.68.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214288/; classtype:trojan-activity;sid:82077388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.70.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214285/; classtype:trojan-activity;sid:82077385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.159.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214286/; classtype:trojan-activity;sid:82077386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.61.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214284/; classtype:trojan-activity;sid:82077384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.114.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214282/; classtype:trojan-activity;sid:82077382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.72.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214283/; classtype:trojan-activity;sid:82077383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.68.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214280/; classtype:trojan-activity;sid:82077380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.93.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214281/; classtype:trojan-activity;sid:82077381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.148.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214279/; classtype:trojan-activity;sid:82077379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.126.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214276/; classtype:trojan-activity;sid:82077376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.63.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214277/; classtype:trojan-activity;sid:82077377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.86.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214278/; classtype:trojan-activity;sid:82077378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.201.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214274/; classtype:trojan-activity;sid:82077374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.59.125.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214275/; classtype:trojan-activity;sid:82077375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214273)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.184.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214273/; classtype:trojan-activity;sid:82077373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.171.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214271/; classtype:trojan-activity;sid:82077371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.43.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214272/; classtype:trojan-activity;sid:82077372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214270)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.92.167.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214270/; classtype:trojan-activity;sid:82077370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.129.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214269/; classtype:trojan-activity;sid:82077369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.88.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214268/; classtype:trojan-activity;sid:82077368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.176.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214266/; classtype:trojan-activity;sid:82077366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.10.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214267/; classtype:trojan-activity;sid:82077367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.245.218.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214265/; classtype:trojan-activity;sid:82077365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.25.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214264/; classtype:trojan-activity;sid:82077364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.154.55.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214263/; classtype:trojan-activity;sid:82077363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.59.101.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214262/; classtype:trojan-activity;sid:82077362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.18.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214260/; classtype:trojan-activity;sid:82077360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.62.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214261/; classtype:trojan-activity;sid:82077361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.86.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214258/; classtype:trojan-activity;sid:82077358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.87.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214259/; classtype:trojan-activity;sid:82077359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.78.154.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214257/; classtype:trojan-activity;sid:82077357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.162.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214255/; classtype:trojan-activity;sid:82077355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.197.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214256/; classtype:trojan-activity;sid:82077356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.41.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214254/; classtype:trojan-activity;sid:82077354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.19.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214252/; classtype:trojan-activity;sid:82077352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.16.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214253/; classtype:trojan-activity;sid:82077353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.75.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214251/; classtype:trojan-activity;sid:82077351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.181.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214250/; classtype:trojan-activity;sid:82077350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.80.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214249/; classtype:trojan-activity;sid:82077349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.44.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214248/; classtype:trojan-activity;sid:82077348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.123.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214247/; classtype:trojan-activity;sid:82077347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.122.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214245/; classtype:trojan-activity;sid:82077345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.103.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214246/; classtype:trojan-activity;sid:82077346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.127.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214244/; classtype:trojan-activity;sid:82077344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.125.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214242/; classtype:trojan-activity;sid:82077342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.108.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214243/; classtype:trojan-activity;sid:82077343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.119.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214241/; classtype:trojan-activity;sid:82077341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.70.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214240/; classtype:trojan-activity;sid:82077340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214239)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.129.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214239/; classtype:trojan-activity;sid:82077339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214238)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.255.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214238/; classtype:trojan-activity;sid:82077338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214237)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.192.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214237/; classtype:trojan-activity;sid:82077337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.86.75.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214235/; classtype:trojan-activity;sid:82077335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.196.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214236/; classtype:trojan-activity;sid:82077336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.172.176.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214234/; classtype:trojan-activity;sid:82077334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.25.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214233/; classtype:trojan-activity;sid:82077333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214232)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.174.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214232/; classtype:trojan-activity;sid:82077332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214231)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.115.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214231/; classtype:trojan-activity;sid:82077331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.20.3.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214230/; classtype:trojan-activity;sid:82077330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.64.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214229/; classtype:trojan-activity;sid:82077329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.0.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214228/; classtype:trojan-activity;sid:82077328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.16.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214227/; classtype:trojan-activity;sid:82077327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.84.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214226/; classtype:trojan-activity;sid:82077326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.98.15.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214225/; classtype:trojan-activity;sid:82077325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.56.63.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214224/; classtype:trojan-activity;sid:82077324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.96.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214222/; classtype:trojan-activity;sid:82077322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214223)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.42.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214223/; classtype:trojan-activity;sid:82077323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.57.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214220/; classtype:trojan-activity;sid:82077320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214221)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.150.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214221/; classtype:trojan-activity;sid:82077321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214219)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.23.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214219/; classtype:trojan-activity;sid:82077319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.8.206.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214218/; classtype:trojan-activity;sid:82077318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.252.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214217/; classtype:trojan-activity;sid:82077317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.32.196.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214216/; classtype:trojan-activity;sid:82077316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.134.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214215/; classtype:trojan-activity;sid:82077315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.208.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214214/; classtype:trojan-activity;sid:82077314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.60.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214213/; classtype:trojan-activity;sid:82077313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.219.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214211/; classtype:trojan-activity;sid:82077311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.24.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214212/; classtype:trojan-activity;sid:82077312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.2.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214210/; classtype:trojan-activity;sid:82077310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.197.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214209/; classtype:trojan-activity;sid:82077309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.84.228.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214208/; classtype:trojan-activity;sid:82077308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.33.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214207/; classtype:trojan-activity;sid:82077307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.66.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214206/; classtype:trojan-activity;sid:82077306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.193.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214205/; classtype:trojan-activity;sid:82077305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.154.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214202/; classtype:trojan-activity;sid:82077302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214203)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.196.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214203/; classtype:trojan-activity;sid:82077303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214204)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.184.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214204/; classtype:trojan-activity;sid:82077304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.218.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214201/; classtype:trojan-activity;sid:82077301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214200)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.11.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214200/; classtype:trojan-activity;sid:82077300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.197.33.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214199/; classtype:trojan-activity;sid:82077299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.30.223.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214198/; classtype:trojan-activity;sid:82077298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.22.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214197/; classtype:trojan-activity;sid:82077297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.80.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214196/; classtype:trojan-activity;sid:82077296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.6.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214195/; classtype:trojan-activity;sid:82077295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.163.127.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214194/; classtype:trojan-activity;sid:82077294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.84.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214193/; classtype:trojan-activity;sid:82077293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.0.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214192/; classtype:trojan-activity;sid:82077292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.87.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214191/; classtype:trojan-activity;sid:82077291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.123.230.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214189/; classtype:trojan-activity;sid:82077289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.248.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214190/; classtype:trojan-activity;sid:82077290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214188)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.134.182.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214188/; classtype:trojan-activity;sid:82077288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.60.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214187/; classtype:trojan-activity;sid:82077287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214186)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.84.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214186/; classtype:trojan-activity;sid:82077286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.0.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214185/; classtype:trojan-activity;sid:82077285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.246.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214184/; classtype:trojan-activity;sid:82077284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.177.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214180/; classtype:trojan-activity;sid:82077280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.44.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214181/; classtype:trojan-activity;sid:82077281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.74.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214182/; classtype:trojan-activity;sid:82077282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.40.96"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214183/; classtype:trojan-activity;sid:82077283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.175.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214177/; classtype:trojan-activity;sid:82077277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.68.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214178/; classtype:trojan-activity;sid:82077278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.52.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214179/; classtype:trojan-activity;sid:82077279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.112.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214176/; classtype:trojan-activity;sid:82077276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.24.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214175/; classtype:trojan-activity;sid:82077275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.62.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214173/; classtype:trojan-activity;sid:82077273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.126.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214174/; classtype:trojan-activity;sid:82077274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.25.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214170/; classtype:trojan-activity;sid:82077270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.127.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214171/; classtype:trojan-activity;sid:82077271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.192.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214172/; classtype:trojan-activity;sid:82077272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214169)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.162.116.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214169/; classtype:trojan-activity;sid:82077269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.138.16.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214168/; classtype:trojan-activity;sid:82077268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.193.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214167/; classtype:trojan-activity;sid:82077267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.236.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214165/; classtype:trojan-activity;sid:82077265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.203.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214166/; classtype:trojan-activity;sid:82077266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.65.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214163/; classtype:trojan-activity;sid:82077263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.199.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214164/; classtype:trojan-activity;sid:82077264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.112.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214160/; classtype:trojan-activity;sid:82077260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.251.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214161/; classtype:trojan-activity;sid:82077261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.35.226.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214162/; classtype:trojan-activity;sid:82077262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.24.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214158/; classtype:trojan-activity;sid:82077258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.210.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214159/; classtype:trojan-activity;sid:82077259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.4.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214157/; classtype:trojan-activity;sid:82077257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.254.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214155/; classtype:trojan-activity;sid:82077255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.252.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214156/; classtype:trojan-activity;sid:82077256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.124.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214154/; classtype:trojan-activity;sid:82077254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.115.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214153/; classtype:trojan-activity;sid:82077253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.212.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214152/; classtype:trojan-activity;sid:82077252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.128.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214151/; classtype:trojan-activity;sid:82077251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.230.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214150/; classtype:trojan-activity;sid:82077250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.86.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214148/; classtype:trojan-activity;sid:82077248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.89.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214149/; classtype:trojan-activity;sid:82077249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214147)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.17.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214147/; classtype:trojan-activity;sid:82077247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.194.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214146/; classtype:trojan-activity;sid:82077246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.49.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214145/; classtype:trojan-activity;sid:82077245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.80.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214144/; classtype:trojan-activity;sid:82077244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.71.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214143/; classtype:trojan-activity;sid:82077243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.79.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214142/; classtype:trojan-activity;sid:82077242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.61.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214141/; classtype:trojan-activity;sid:82077241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.227.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214140/; classtype:trojan-activity;sid:82077240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.29.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214139/; classtype:trojan-activity;sid:82077239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.206.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214138/; classtype:trojan-activity;sid:82077238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.198.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214137/; classtype:trojan-activity;sid:82077237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.138.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214133/; classtype:trojan-activity;sid:82077233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.87.202.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214134/; classtype:trojan-activity;sid:82077234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.173.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214135/; classtype:trojan-activity;sid:82077235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.149.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214136/; classtype:trojan-activity;sid:82077236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.167.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214132/; classtype:trojan-activity;sid:82077232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.200.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214131/; classtype:trojan-activity;sid:82077231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.91.245.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214130/; classtype:trojan-activity;sid:82077230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.6.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214129/; classtype:trojan-activity;sid:82077229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.110.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214128/; classtype:trojan-activity;sid:82077228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.0.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214127/; classtype:trojan-activity;sid:82077227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.47.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214126/; classtype:trojan-activity;sid:82077226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.58.63.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214125/; classtype:trojan-activity;sid:82077225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.115.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214124/; classtype:trojan-activity;sid:82077224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.212.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214123/; classtype:trojan-activity;sid:82077223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.10.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214122/; classtype:trojan-activity;sid:82077222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214121)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.18.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214121/; classtype:trojan-activity;sid:82077221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.47.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214120/; classtype:trojan-activity;sid:82077220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.108.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214118/; classtype:trojan-activity;sid:82077218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.168.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214119/; classtype:trojan-activity;sid:82077219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.210.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214117/; classtype:trojan-activity;sid:82077217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.202.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214116/; classtype:trojan-activity;sid:82077216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.77.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214113/; classtype:trojan-activity;sid:82077213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.252.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214114/; classtype:trojan-activity;sid:82077214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.117.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214115/; classtype:trojan-activity;sid:82077215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.120.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214112/; classtype:trojan-activity;sid:82077212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.138.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214111/; classtype:trojan-activity;sid:82077211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.233.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214110/; classtype:trojan-activity;sid:82077210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.28.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214108/; classtype:trojan-activity;sid:82077208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.122.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214109/; classtype:trojan-activity;sid:82077209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.88.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214107/; classtype:trojan-activity;sid:82077207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.14.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214105/; classtype:trojan-activity;sid:82077205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.70.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214106/; classtype:trojan-activity;sid:82077206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.201.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214104/; classtype:trojan-activity;sid:82077204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.97.135.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214103/; classtype:trojan-activity;sid:82077203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.137.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214102/; classtype:trojan-activity;sid:82077202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.239.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214100/; classtype:trojan-activity;sid:82077200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.59.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214101/; classtype:trojan-activity;sid:82077201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.93.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214099/; classtype:trojan-activity;sid:82077199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.203.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214098/; classtype:trojan-activity;sid:82077198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.41.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214097/; classtype:trojan-activity;sid:82077197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.112.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214096/; classtype:trojan-activity;sid:82077196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.172.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214095/; classtype:trojan-activity;sid:82077195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.173.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214094/; classtype:trojan-activity;sid:82077194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.70.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214093/; classtype:trojan-activity;sid:82077193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.205.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214090/; classtype:trojan-activity;sid:82077190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.101.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214091/; classtype:trojan-activity;sid:82077191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.184.114.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214092/; classtype:trojan-activity;sid:82077192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.47.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214089/; classtype:trojan-activity;sid:82077189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.73.179.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214088/; classtype:trojan-activity;sid:82077188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.202.98.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214087/; classtype:trojan-activity;sid:82077187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.37.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214086/; classtype:trojan-activity;sid:82077186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.78.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214085/; classtype:trojan-activity;sid:82077185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.113.94.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214084/; classtype:trojan-activity;sid:82077184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.49.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214083/; classtype:trojan-activity;sid:82077183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.55.169.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214082/; classtype:trojan-activity;sid:82077182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.181.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214081/; classtype:trojan-activity;sid:82077181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.21.84.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214080/; classtype:trojan-activity;sid:82077180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214079)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.26.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214079/; classtype:trojan-activity;sid:82077179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.102.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214078/; classtype:trojan-activity;sid:82077178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.36.221"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214077/; classtype:trojan-activity;sid:82077177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.164.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214076/; classtype:trojan-activity;sid:82077176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.109.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_09; reference:url, urlhaus.abuse.ch/url/1214074/; classtype:trojan-activity;sid:82077174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1214075)"; flow:es