################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2020-09-21 01:50:10 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.0.56.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581151/; classtype:trojan-activity;sid:81444251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.82.223.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581150/; classtype:trojan-activity;sid:81444250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581149)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.38.106.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581149/; classtype:trojan-activity;sid:81444249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.0.57.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581148/; classtype:trojan-activity;sid:81444248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581147)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.226.148.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581147/; classtype:trojan-activity;sid:81444247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.0.57.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581145/; classtype:trojan-activity;sid:81444245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"106.0.58.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581144/; classtype:trojan-activity;sid:81444244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581146)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/statement/p2dgdm2416828775219gs5o81ku4us4377s/"; http_uri; depth:58; isdataat:!1,relative; content:"dev.marketown.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581146/; classtype:trojan-activity;sid:81444246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581143)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/llc/"; http_uri; depth:14; isdataat:!1,relative; content:"shriharidyes.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581143/; classtype:trojan-activity;sid:81444243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"103.207.170.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581141/; classtype:trojan-activity;sid:81444241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.225.58.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581142/; classtype:trojan-activity;sid:81444242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.225.16.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581139/; classtype:trojan-activity;sid:81444239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581140)"; flow:established,from_client; content:"GET"; http_method; content:"/sys-cache/4103470274/ztf5ewygjsvp/"; http_uri; depth:35; isdataat:!1,relative; content:"dev.omniroom.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581140/; classtype:trojan-activity;sid:81444240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581135)"; flow:established,from_client; content:"GET"; http_method; content:"/images/v459217428850534hbga7v93/"; http_uri; depth:33; isdataat:!1,relative; content:"lagera.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581135/; classtype:trojan-activity;sid:81444235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581132)"; flow:established,from_client; content:"GET"; http_method; content:"/awxfh/public/pzx10o27/"; http_uri; depth:23; isdataat:!1,relative; content:"ripalsindianstreetfood.com.au"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581132/; classtype:trojan-activity;sid:81444232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581130)"; flow:established,from_client; content:"GET"; http_method; content:"/captcha/paclm/ncrwhbk09as/"; http_uri; depth:27; isdataat:!1,relative; content:"www.divorcelink.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581130/; classtype:trojan-activity;sid:81444230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581129)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/352686432/"; http_uri; depth:19; isdataat:!1,relative; content:"movewithketty.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581129/; classtype:trojan-activity;sid:81444229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581127)"; flow:established,from_client; content:"GET"; http_method; content:"/yedek/file/tf2ffkwa2fk/"; http_uri; depth:24; isdataat:!1,relative; content:"siyahkalemresim.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581127/; classtype:trojan-activity;sid:81444227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581126)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/llc/s7fruspxjnkbt1ewsdt/"; http_uri; depth:34; isdataat:!1,relative; content:"brinno.com.mx"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581126/; classtype:trojan-activity;sid:81444226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581125)"; flow:established,from_client; content:"GET"; http_method; content:"/yedek/document/b54jj2795199213v2a4x3p9zxvhq1rt45sim/"; http_uri; depth:53; isdataat:!1,relative; content:"siyahkalemresim.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581125/; classtype:trojan-activity;sid:81444225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581123)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/overview/"; http_uri; depth:19; isdataat:!1,relative; content:"kauppa.pe"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581123/; classtype:trojan-activity;sid:81444223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581119)"; flow:established,from_client; content:"GET"; http_method; content:"/http://oct/7jzpok3ti9s7/"; http_uri; depth:25; isdataat:!1,relative; content:"www.arkaneod.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581119/; classtype:trojan-activity;sid:81444219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581117)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/reporting/m0pkpqb8xle6/"; http_uri; depth:35; isdataat:!1,relative; content:"kokono.vn"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581117/; classtype:trojan-activity;sid:81444217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581118)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/invoice/kgnohtp/dbypfl7847108868ohanljl8f2y/"; http_uri; depth:56; isdataat:!1,relative; content:"smarts.tj"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581118/; classtype:trojan-activity;sid:81444218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581114)"; flow:established,from_client; content:"GET"; http_method; content:"/addons/70949225/ze10ypp/"; http_uri; depth:25; isdataat:!1,relative; content:"shuiyin.xuezha.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581114/; classtype:trojan-activity;sid:81444214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581111)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/documentation/"; http_uri; depth:18; isdataat:!1,relative; content:"sentir.nl"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581111/; classtype:trojan-activity;sid:81444211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581108)"; flow:established,from_client; content:"GET"; http_method; content:"/erros/esp/"; http_uri; depth:11; isdataat:!1,relative; content:"associacaomda.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581108/; classtype:trojan-activity;sid:81444208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581107)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/file/rlpymel0mew2s6qlqub/"; http_uri; depth:37; isdataat:!1,relative; content:"galeyrnews.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581107/; classtype:trojan-activity;sid:81444207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581106)"; flow:established,from_client; content:"GET"; http_method; content:"/http://lm/orocc0o4rh4cd/"; http_uri; depth:25; isdataat:!1,relative; content:"www.arkaneod.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581106/; classtype:trojan-activity;sid:81444206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581105)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/overview/5pxez5seuorz2niftly/"; http_uri; depth:42; isdataat:!1,relative; content:"1314.ren"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581105/; classtype:trojan-activity;sid:81444205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.219.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581104/; classtype:trojan-activity;sid:81444204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.45.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581103/; classtype:trojan-activity;sid:81444203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.180.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581101/; classtype:trojan-activity;sid:81444201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.197.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581102/; classtype:trojan-activity;sid:81444202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.182.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581099/; classtype:trojan-activity;sid:81444199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.230.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581096/; classtype:trojan-activity;sid:81444196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.179.180.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581098/; classtype:trojan-activity;sid:81444198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.194.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581100/; classtype:trojan-activity;sid:81444200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.180.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581095/; classtype:trojan-activity;sid:81444195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.134.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581093/; classtype:trojan-activity;sid:81444193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.123.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581092/; classtype:trojan-activity;sid:81444192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.170.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581091/; classtype:trojan-activity;sid:81444191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.178.61.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581089/; classtype:trojan-activity;sid:81444189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.214.247.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581087/; classtype:trojan-activity;sid:81444187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.31.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581085/; classtype:trojan-activity;sid:81444185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.215.191.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581086/; classtype:trojan-activity;sid:81444186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.112.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581084/; classtype:trojan-activity;sid:81444184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.211.103.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581082/; classtype:trojan-activity;sid:81444182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.214.229.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581081/; classtype:trojan-activity;sid:81444181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.214.72.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581083/; classtype:trojan-activity;sid:81444183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.115.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581080/; classtype:trojan-activity;sid:81444180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581079)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.94.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581079/; classtype:trojan-activity;sid:81444179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.232.46.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581078/; classtype:trojan-activity;sid:81444178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.176.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581077/; classtype:trojan-activity;sid:81444177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.228.37.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581073/; classtype:trojan-activity;sid:81444173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581075)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.231.255.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581075/; classtype:trojan-activity;sid:81444175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.231.83.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581072/; classtype:trojan-activity;sid:81444172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.179.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581074/; classtype:trojan-activity;sid:81444174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.89.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581076/; classtype:trojan-activity;sid:81444176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.231.184.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581071/; classtype:trojan-activity;sid:81444171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.233.102.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581070/; classtype:trojan-activity;sid:81444170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.226.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581069/; classtype:trojan-activity;sid:81444169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.227.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581068/; classtype:trojan-activity;sid:81444168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.224.136.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581066/; classtype:trojan-activity;sid:81444166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.27.124"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581063/; classtype:trojan-activity;sid:81444163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.66.86.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581062/; classtype:trojan-activity;sid:81444162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.73.159.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581059/; classtype:trojan-activity;sid:81444159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.86.83.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581064/; classtype:trojan-activity;sid:81444164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.87.58.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581061/; classtype:trojan-activity;sid:81444161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.88.37.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581058/; classtype:trojan-activity;sid:81444158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"41.86.5.140"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581060/; classtype:trojan-activity;sid:81444160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.228.118.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581065/; classtype:trojan-activity;sid:81444165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.79.149.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581057/; classtype:trojan-activity;sid:81444157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.176.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581056/; classtype:trojan-activity;sid:81444156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.167.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581055/; classtype:trojan-activity;sid:81444155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.229.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581054/; classtype:trojan-activity;sid:81444154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.11.85"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581053/; classtype:trojan-activity;sid:81444153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.153.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581052/; classtype:trojan-activity;sid:81444152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.155.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581051/; classtype:trojan-activity;sid:81444151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.109.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581048/; classtype:trojan-activity;sid:81444148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.162.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581049/; classtype:trojan-activity;sid:81444149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.166.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581047/; classtype:trojan-activity;sid:81444147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.77.192"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581046/; classtype:trojan-activity;sid:81444146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.77.223"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581045/; classtype:trojan-activity;sid:81444145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.111.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581044/; classtype:trojan-activity;sid:81444144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.207.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581043/; classtype:trojan-activity;sid:81444143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.184.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581039/; classtype:trojan-activity;sid:81444139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.194.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581041/; classtype:trojan-activity;sid:81444141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.243.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581040/; classtype:trojan-activity;sid:81444140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.53.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581038/; classtype:trojan-activity;sid:81444138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.35.240"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581037/; classtype:trojan-activity;sid:81444137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.35.18"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581034/; classtype:trojan-activity;sid:81444134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.46.56"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581032/; classtype:trojan-activity;sid:81444132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.171.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581033/; classtype:trojan-activity;sid:81444133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.19.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581031/; classtype:trojan-activity;sid:81444131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.37.10.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581026/; classtype:trojan-activity;sid:81444126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.4.168.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581028/; classtype:trojan-activity;sid:81444128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.4.168.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581030/; classtype:trojan-activity;sid:81444130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.16.166"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581029/; classtype:trojan-activity;sid:81444129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.24.74"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581027/; classtype:trojan-activity;sid:81444127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.118.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581025/; classtype:trojan-activity;sid:81444125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.213.23.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581024/; classtype:trojan-activity;sid:81444124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.207.69.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581023/; classtype:trojan-activity;sid:81444123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.197.198.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581022/; classtype:trojan-activity;sid:81444122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.145.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581018/; classtype:trojan-activity;sid:81444118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.55.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581020/; classtype:trojan-activity;sid:81444120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.206.87.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581021/; classtype:trojan-activity;sid:81444121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.215.212.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581015/; classtype:trojan-activity;sid:81444115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.216.122.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581016/; classtype:trojan-activity;sid:81444116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.216.46.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581019/; classtype:trojan-activity;sid:81444119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.217.102.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581017/; classtype:trojan-activity;sid:81444117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581014)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.217.172.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581014/; classtype:trojan-activity;sid:81444114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"221.0.148.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581012/; classtype:trojan-activity;sid:81444112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581013)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.169.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581013/; classtype:trojan-activity;sid:81444113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.79.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581011/; classtype:trojan-activity;sid:81444111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.187.155.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581010/; classtype:trojan-activity;sid:81444110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.171.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581004/; classtype:trojan-activity;sid:81444104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.212.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581007/; classtype:trojan-activity;sid:81444107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.134.180.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581005/; classtype:trojan-activity;sid:81444105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.162.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581006/; classtype:trojan-activity;sid:81444106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.251.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581009/; classtype:trojan-activity;sid:81444109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.122.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581008/; classtype:trojan-activity;sid:81444108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.3.58.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581001/; classtype:trojan-activity;sid:81444101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"222.140.159.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581002/; classtype:trojan-activity;sid:81444102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.194.74.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581003/; classtype:trojan-activity;sid:81444103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (581000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"203.212.230.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/581000/; classtype:trojan-activity;sid:81444100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.154.125.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580999/; classtype:trojan-activity;sid:81444099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.215.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580998/; classtype:trojan-activity;sid:81444098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580997)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.97.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580997/; classtype:trojan-activity;sid:81444097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"203.212.209.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580992/; classtype:trojan-activity;sid:81444092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"203.212.241.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580993/; classtype:trojan-activity;sid:81444093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.154.115.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580994/; classtype:trojan-activity;sid:81444094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.154.151.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580996/; classtype:trojan-activity;sid:81444096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"219.156.13.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580991/; classtype:trojan-activity;sid:81444091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.156.18.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580990/; classtype:trojan-activity;sid:81444090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.157.136.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580995/; classtype:trojan-activity;sid:81444095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.124.89.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580986/; classtype:trojan-activity;sid:81444086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.119.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580984/; classtype:trojan-activity;sid:81444084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.178.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580982/; classtype:trojan-activity;sid:81444082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.99.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580981/; classtype:trojan-activity;sid:81444081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"190.26.162.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580983/; classtype:trojan-activity;sid:81444083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"190.27.57.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580987/; classtype:trojan-activity;sid:81444087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.118.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580980/; classtype:trojan-activity;sid:81444080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.119.200.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580979/; classtype:trojan-activity;sid:81444079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.71.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580973/; classtype:trojan-activity;sid:81444073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.118.139.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580978/; classtype:trojan-activity;sid:81444078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.119.16.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580975/; classtype:trojan-activity;sid:81444075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.119.21.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580976/; classtype:trojan-activity;sid:81444076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.93.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580974/; classtype:trojan-activity;sid:81444074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.94.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580977/; classtype:trojan-activity;sid:81444077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.46.202.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580968/; classtype:trojan-activity;sid:81444068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.47.162.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580971/; classtype:trojan-activity;sid:81444071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.131.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580970/; classtype:trojan-activity;sid:81444070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.24.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580972/; classtype:trojan-activity;sid:81444072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.22.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580969/; classtype:trojan-activity;sid:81444069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.47.245.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580966/; classtype:trojan-activity;sid:81444066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"178.134.190.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580965/; classtype:trojan-activity;sid:81444065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.108.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580967/; classtype:trojan-activity;sid:81444067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580964/; classtype:trojan-activity;sid:81444064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.131.152.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580963/; classtype:trojan-activity;sid:81444063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.43.117.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580962/; classtype:trojan-activity;sid:81444062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.135.82.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580958/; classtype:trojan-activity;sid:81444058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.40.131.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580959/; classtype:trojan-activity;sid:81444059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.40.146.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580954/; classtype:trojan-activity;sid:81444054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.15.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580961/; classtype:trojan-activity;sid:81444061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.9.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580960/; classtype:trojan-activity;sid:81444060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.127.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580955/; classtype:trojan-activity;sid:81444055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.44.21.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580957/; classtype:trojan-activity;sid:81444057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.46.184.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580956/; classtype:trojan-activity;sid:81444056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.120.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580952/; classtype:trojan-activity;sid:81444052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.43.61.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580953/; classtype:trojan-activity;sid:81444053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"123.132.131.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580950/; classtype:trojan-activity;sid:81444050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.129.96.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580951/; classtype:trojan-activity;sid:81444051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.80.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580949/; classtype:trojan-activity;sid:81444049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"122.230.12.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580942/; classtype:trojan-activity;sid:81444042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.149.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580946/; classtype:trojan-activity;sid:81444046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.152.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580945/; classtype:trojan-activity;sid:81444045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"123.14.149.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580940/; classtype:trojan-activity;sid:81444040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.82.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580947/; classtype:trojan-activity;sid:81444047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"123.5.140.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580944/; classtype:trojan-activity;sid:81444044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.5.187.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580943/; classtype:trojan-activity;sid:81444043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.187.154.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580938/; classtype:trojan-activity;sid:81444038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.183.42.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580937/; classtype:trojan-activity;sid:81444037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.84.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580931/; classtype:trojan-activity;sid:81444031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.178.165.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580933/; classtype:trojan-activity;sid:81444033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"119.179.17.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580935/; classtype:trojan-activity;sid:81444035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.179.239.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580936/; classtype:trojan-activity;sid:81444036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.56.112.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580930/; classtype:trojan-activity;sid:81444030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"122.195.123.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580932/; classtype:trojan-activity;sid:81444032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"120.12.50.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580929/; classtype:trojan-activity;sid:81444029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580928)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.201.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580928/; classtype:trojan-activity;sid:81444028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.205.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580927/; classtype:trojan-activity;sid:81444027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.195.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580925/; classtype:trojan-activity;sid:81444025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.193.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580924/; classtype:trojan-activity;sid:81444024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.192.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580918/; classtype:trojan-activity;sid:81444018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.192.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580921/; classtype:trojan-activity;sid:81444021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.197.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580922/; classtype:trojan-activity;sid:81444022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.199.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580923/; classtype:trojan-activity;sid:81444023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.242.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580920/; classtype:trojan-activity;sid:81444020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.80.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580919/; classtype:trojan-activity;sid:81444019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.214.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580917/; classtype:trojan-activity;sid:81444017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580915)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.105.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580915/; classtype:trojan-activity;sid:81444015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.118.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580913/; classtype:trojan-activity;sid:81444013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.134.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580911/; classtype:trojan-activity;sid:81444011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.107.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580912/; classtype:trojan-activity;sid:81444012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.125.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580914/; classtype:trojan-activity;sid:81444014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.83.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580909/; classtype:trojan-activity;sid:81444009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.103.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580908/; classtype:trojan-activity;sid:81444008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.161.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580910/; classtype:trojan-activity;sid:81444010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.233.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580907/; classtype:trojan-activity;sid:81444007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.22.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580905/; classtype:trojan-activity;sid:81444005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.34.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580904/; classtype:trojan-activity;sid:81444004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.73.205.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580903/; classtype:trojan-activity;sid:81444003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.28.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580902/; classtype:trojan-activity;sid:81444002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.212.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580901/; classtype:trojan-activity;sid:81444001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.234.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580898/; classtype:trojan-activity;sid:81443998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.253.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580899/; classtype:trojan-activity;sid:81443999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.29.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580897/; classtype:trojan-activity;sid:81443997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.84.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580900/; classtype:trojan-activity;sid:81444000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.199.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580896/; classtype:trojan-activity;sid:81443996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.166.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580895/; classtype:trojan-activity;sid:81443995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.69.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580892/; classtype:trojan-activity;sid:81443992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.119.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580893/; classtype:trojan-activity;sid:81443993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.197.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580894/; classtype:trojan-activity;sid:81443994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580887)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.107.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580887/; classtype:trojan-activity;sid:81443987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.131.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580890/; classtype:trojan-activity;sid:81443990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.164.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580891/; classtype:trojan-activity;sid:81443991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.191.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580888/; classtype:trojan-activity;sid:81443988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.195.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580886/; classtype:trojan-activity;sid:81443986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.177.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580885/; classtype:trojan-activity;sid:81443985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.196.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580884/; classtype:trojan-activity;sid:81443984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.2.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580883/; classtype:trojan-activity;sid:81443983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.137.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580881/; classtype:trojan-activity;sid:81443981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.145.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580880/; classtype:trojan-activity;sid:81443980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.30.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580878/; classtype:trojan-activity;sid:81443978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.30.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580874/; classtype:trojan-activity;sid:81443974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.81.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580877/; classtype:trojan-activity;sid:81443977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.81.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580875/; classtype:trojan-activity;sid:81443975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.224.1.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580876/; classtype:trojan-activity;sid:81443976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.152.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580871/; classtype:trojan-activity;sid:81443971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.194.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580870/; classtype:trojan-activity;sid:81443970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.137.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580866/; classtype:trojan-activity;sid:81443966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.137.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580867/; classtype:trojan-activity;sid:81443967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.150.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580865/; classtype:trojan-activity;sid:81443965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.156.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580869/; classtype:trojan-activity;sid:81443969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.255.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580868/; classtype:trojan-activity;sid:81443968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.140.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580864/; classtype:trojan-activity;sid:81443964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.61.110.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580863/; classtype:trojan-activity;sid:81443963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.138.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580862/; classtype:trojan-activity;sid:81443962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.130.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580861/; classtype:trojan-activity;sid:81443961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.52.233.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580860/; classtype:trojan-activity;sid:81443960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.197.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580859/; classtype:trojan-activity;sid:81443959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.52.238.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580854/; classtype:trojan-activity;sid:81443954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.157.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580856/; classtype:trojan-activity;sid:81443956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.191.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580858/; classtype:trojan-activity;sid:81443958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.213.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580855/; classtype:trojan-activity;sid:81443955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.125.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580857/; classtype:trojan-activity;sid:81443957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.68.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580853/; classtype:trojan-activity;sid:81443953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.93.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580850/; classtype:trojan-activity;sid:81443950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.188.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580851/; classtype:trojan-activity;sid:81443951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.205.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580852/; classtype:trojan-activity;sid:81443952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.30.98.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580849/; classtype:trojan-activity;sid:81443949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.30.1.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580848/; classtype:trojan-activity;sid:81443948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.48.197.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580847/; classtype:trojan-activity;sid:81443947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.254.48.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580843/; classtype:trojan-activity;sid:81443943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.255.155.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580845/; classtype:trojan-activity;sid:81443945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.72.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580844/; classtype:trojan-activity;sid:81443944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.161.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580846/; classtype:trojan-activity;sid:81443946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580840)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.27.88.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580840/; classtype:trojan-activity;sid:81443940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.48.149.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580841/; classtype:trojan-activity;sid:81443941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.156.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580842/; classtype:trojan-activity;sid:81443942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.254.244.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580838/; classtype:trojan-activity;sid:81443938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.30.1.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580837/; classtype:trojan-activity;sid:81443937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"113.133.229.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580836/; classtype:trojan-activity;sid:81443936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580839)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.48.200.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580839/; classtype:trojan-activity;sid:81443939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.230.128.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580834/; classtype:trojan-activity;sid:81443934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.150.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580833/; classtype:trojan-activity;sid:81443933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.67.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580832/; classtype:trojan-activity;sid:81443932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.226.251.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580829/; classtype:trojan-activity;sid:81443929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580825)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.127.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580825/; classtype:trojan-activity;sid:81443925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.229.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580824/; classtype:trojan-activity;sid:81443924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.242.117.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580823/; classtype:trojan-activity;sid:81443923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.242.67.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580827/; classtype:trojan-activity;sid:81443927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580826)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.246.9.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580826/; classtype:trojan-activity;sid:81443926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.248.11.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580828/; classtype:trojan-activity;sid:81443928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.248.69.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580831/; classtype:trojan-activity;sid:81443931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.254.101.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580830/; classtype:trojan-activity;sid:81443930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.254.11.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580822/; classtype:trojan-activity;sid:81443922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580821)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.82.222.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580821/; classtype:trojan-activity;sid:81443921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.97.139.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580820/; classtype:trojan-activity;sid:81443920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.97.139.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580818/; classtype:trojan-activity;sid:81443918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.225.82.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580817/; classtype:trojan-activity;sid:81443917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.225.90.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580819/; classtype:trojan-activity;sid:81443919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.163.157.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580816/; classtype:trojan-activity;sid:81443916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.99.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580815/; classtype:trojan-activity;sid:81443915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"61.54.234.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580813/; classtype:trojan-activity;sid:81443913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"94.179.172.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580814/; classtype:trojan-activity;sid:81443914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.49.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580811/; classtype:trojan-activity;sid:81443911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.254.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580810/; classtype:trojan-activity;sid:81443910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.156.99.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580809/; classtype:trojan-activity;sid:81443909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.238.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580808/; classtype:trojan-activity;sid:81443908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.254.98.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580807/; classtype:trojan-activity;sid:81443907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.254.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580804/; classtype:trojan-activity;sid:81443904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.254.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580805/; classtype:trojan-activity;sid:81443905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.49.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580806/; classtype:trojan-activity;sid:81443906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.226.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580802/; classtype:trojan-activity;sid:81443902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.254.108.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580800/; classtype:trojan-activity;sid:81443900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.254.58.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580803/; classtype:trojan-activity;sid:81443903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.254.92.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580801/; classtype:trojan-activity;sid:81443901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.169.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580799/; classtype:trojan-activity;sid:81443899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.146.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580796/; classtype:trojan-activity;sid:81443896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580797)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.149.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580797/; classtype:trojan-activity;sid:81443897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.171.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580795/; classtype:trojan-activity;sid:81443895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.132.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580793/; classtype:trojan-activity;sid:81443893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.112.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580786/; classtype:trojan-activity;sid:81443886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.118.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580787/; classtype:trojan-activity;sid:81443887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.127.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580788/; classtype:trojan-activity;sid:81443888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.127.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580785/; classtype:trojan-activity;sid:81443885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.117.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580784/; classtype:trojan-activity;sid:81443884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.121.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580782/; classtype:trojan-activity;sid:81443882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.125.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580783/; classtype:trojan-activity;sid:81443883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"45.224.43.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580781/; classtype:trojan-activity;sid:81443881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.180.179.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580780/; classtype:trojan-activity;sid:81443880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.231.108.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580775/; classtype:trojan-activity;sid:81443875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.240.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580779/; classtype:trojan-activity;sid:81443879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.187.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580774/; classtype:trojan-activity;sid:81443874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.209.160.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580777/; classtype:trojan-activity;sid:81443877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.209.33.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580778/; classtype:trojan-activity;sid:81443878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.112.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580776/; classtype:trojan-activity;sid:81443876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.89.53.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580773/; classtype:trojan-activity;sid:81443873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.58.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580772/; classtype:trojan-activity;sid:81443872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.80.53.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580764/; classtype:trojan-activity;sid:81443864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.89.42.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580765/; classtype:trojan-activity;sid:81443865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.90.191.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580766/; classtype:trojan-activity;sid:81443866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.225.16.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580763/; classtype:trojan-activity;sid:81443863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.227.206.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580770/; classtype:trojan-activity;sid:81443870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.227.242.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580767/; classtype:trojan-activity;sid:81443867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.228.32.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580768/; classtype:trojan-activity;sid:81443868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.0.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580769/; classtype:trojan-activity;sid:81443869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.89.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580771/; classtype:trojan-activity;sid:81443871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.229.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580761/; classtype:trojan-activity;sid:81443861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.29.21"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580762/; classtype:trojan-activity;sid:81443862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.94.210"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580760/; classtype:trojan-activity;sid:81443860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.231.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580759/; classtype:trojan-activity;sid:81443859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.81.149"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580757/; classtype:trojan-activity;sid:81443857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.83.73"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580758/; classtype:trojan-activity;sid:81443858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.81.209"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580756/; classtype:trojan-activity;sid:81443856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.74.30.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580755/; classtype:trojan-activity;sid:81443855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.79.39.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580754/; classtype:trojan-activity;sid:81443854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.124.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580752/; classtype:trojan-activity;sid:81443852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.169.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580753/; classtype:trojan-activity;sid:81443853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.123.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580751/; classtype:trojan-activity;sid:81443851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.163.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580750/; classtype:trojan-activity;sid:81443850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.242.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580748/; classtype:trojan-activity;sid:81443848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.28.143"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580749/; classtype:trojan-activity;sid:81443849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.184.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580744/; classtype:trojan-activity;sid:81443844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.186.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580746/; classtype:trojan-activity;sid:81443846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.199.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580747/; classtype:trojan-activity;sid:81443847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.206.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580745/; classtype:trojan-activity;sid:81443845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.182.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580743/; classtype:trojan-activity;sid:81443843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.45.209"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580740/; classtype:trojan-activity;sid:81443840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.174.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580741/; classtype:trojan-activity;sid:81443841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.13.35"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580736/; classtype:trojan-activity;sid:81443836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.158.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580739/; classtype:trojan-activity;sid:81443839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.167.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580738/; classtype:trojan-activity;sid:81443838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.174.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580735/; classtype:trojan-activity;sid:81443835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.133.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580733/; classtype:trojan-activity;sid:81443833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"187.103.82.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580732/; classtype:trojan-activity;sid:81443832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"222.135.64.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580730/; classtype:trojan-activity;sid:81443830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.30.98"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580731/; classtype:trojan-activity;sid:81443831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.82.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580729/; classtype:trojan-activity;sid:81443829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.83.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580726/; classtype:trojan-activity;sid:81443826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.123.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580727/; classtype:trojan-activity;sid:81443827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"203.163.234.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580728/; classtype:trojan-activity;sid:81443828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.234.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580725/; classtype:trojan-activity;sid:81443825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.120.59.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580724/; classtype:trojan-activity;sid:81443824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.203.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580723/; classtype:trojan-activity;sid:81443823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.40.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580721/; classtype:trojan-activity;sid:81443821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.119.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580722/; classtype:trojan-activity;sid:81443822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.32.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580719/; classtype:trojan-activity;sid:81443819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.124.172.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580717/; classtype:trojan-activity;sid:81443817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"190.27.23.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580718/; classtype:trojan-activity;sid:81443818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.156.20.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580716/; classtype:trojan-activity;sid:81443816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.28.194"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580715/; classtype:trojan-activity;sid:81443815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.4.172.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580714/; classtype:trojan-activity;sid:81443814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.14.106.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580713/; classtype:trojan-activity;sid:81443813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.52.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580708/; classtype:trojan-activity;sid:81443808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.69.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580709/; classtype:trojan-activity;sid:81443809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.74.186.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580710/; classtype:trojan-activity;sid:81443810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.215.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580712/; classtype:trojan-activity;sid:81443812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.217.121.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580711/; classtype:trojan-activity;sid:81443811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.87.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580706/; classtype:trojan-activity;sid:81443806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"221.1.154.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580707/; classtype:trojan-activity;sid:81443807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.212.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580705/; classtype:trojan-activity;sid:81443805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.64.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580702/; classtype:trojan-activity;sid:81443802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"202.83.37.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580703/; classtype:trojan-activity;sid:81443803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.107.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580700/; classtype:trojan-activity;sid:81443800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.223.213.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580701/; classtype:trojan-activity;sid:81443801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.124.162.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580696/; classtype:trojan-activity;sid:81443796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"186.155.162.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580697/; classtype:trojan-activity;sid:81443797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.153.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580699/; classtype:trojan-activity;sid:81443799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.35.46"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580698/; classtype:trojan-activity;sid:81443798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.208.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580695/; classtype:trojan-activity;sid:81443795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.174.193.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580694/; classtype:trojan-activity;sid:81443794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.99.243.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580693/; classtype:trojan-activity;sid:81443793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.99.6.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580692/; classtype:trojan-activity;sid:81443792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.62.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580691/; classtype:trojan-activity;sid:81443791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.44.28.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580689/; classtype:trojan-activity;sid:81443789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.96.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580688/; classtype:trojan-activity;sid:81443788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.44.125.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580687/; classtype:trojan-activity;sid:81443787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.44.15.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580686/; classtype:trojan-activity;sid:81443786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.40.146.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580680/; classtype:trojan-activity;sid:81443780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.148.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580679/; classtype:trojan-activity;sid:81443779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.149.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580685/; classtype:trojan-activity;sid:81443785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.204.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580681/; classtype:trojan-activity;sid:81443781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.45.79.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580683/; classtype:trojan-activity;sid:81443783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.47.12.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580682/; classtype:trojan-activity;sid:81443782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.47.49.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580684/; classtype:trojan-activity;sid:81443784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.130.25.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580678/; classtype:trojan-activity;sid:81443778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.5.158.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580677/; classtype:trojan-activity;sid:81443777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"122.244.222.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580673/; classtype:trojan-activity;sid:81443773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.132.170.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580676/; classtype:trojan-activity;sid:81443776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.14.92.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580675/; classtype:trojan-activity;sid:81443775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.235.149.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580674/; classtype:trojan-activity;sid:81443774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.130.143.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580671/; classtype:trojan-activity;sid:81443771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"123.130.167.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580669/; classtype:trojan-activity;sid:81443769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.194.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580670/; classtype:trojan-activity;sid:81443770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.131.132.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580668/; classtype:trojan-activity;sid:81443768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.131.136.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580672/; classtype:trojan-activity;sid:81443772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.5.187.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580667/; classtype:trojan-activity;sid:81443767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.57.216.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580666/; classtype:trojan-activity;sid:81443766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.59.127.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580665/; classtype:trojan-activity;sid:81443765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.167.30.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580664/; classtype:trojan-activity;sid:81443764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.179.239.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580663/; classtype:trojan-activity;sid:81443763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.179.63.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580661/; classtype:trojan-activity;sid:81443761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.187.158.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580662/; classtype:trojan-activity;sid:81443762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"119.185.233.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580660/; classtype:trojan-activity;sid:81443760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.78.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580658/; classtype:trojan-activity;sid:81443758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"119.166.226.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580659/; classtype:trojan-activity;sid:81443759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.165.224.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580656/; classtype:trojan-activity;sid:81443756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.88.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580654/; classtype:trojan-activity;sid:81443754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.88.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580655/; classtype:trojan-activity;sid:81443755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.214.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580653/; classtype:trojan-activity;sid:81443753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.246.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580651/; classtype:trojan-activity;sid:81443751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.247.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580649/; classtype:trojan-activity;sid:81443749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.166.144.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580650/; classtype:trojan-activity;sid:81443750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.213.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580648/; classtype:trojan-activity;sid:81443748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.192.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580646/; classtype:trojan-activity;sid:81443746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.24.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580642/; classtype:trojan-activity;sid:81443742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.24.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580641/; classtype:trojan-activity;sid:81443741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.47.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580643/; classtype:trojan-activity;sid:81443743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.106.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580644/; classtype:trojan-activity;sid:81443744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.109.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580645/; classtype:trojan-activity;sid:81443745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.123.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580638/; classtype:trojan-activity;sid:81443738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.198.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580639/; classtype:trojan-activity;sid:81443739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.20.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580637/; classtype:trojan-activity;sid:81443737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.90.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580636/; classtype:trojan-activity;sid:81443736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.16.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580635/; classtype:trojan-activity;sid:81443735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.21.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580634/; classtype:trojan-activity;sid:81443734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.73.210.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580633/; classtype:trojan-activity;sid:81443733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.73.193.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580632/; classtype:trojan-activity;sid:81443732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.132.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580631/; classtype:trojan-activity;sid:81443731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.132.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580628/; classtype:trojan-activity;sid:81443728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.170.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580629/; classtype:trojan-activity;sid:81443729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.203.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580627/; classtype:trojan-activity;sid:81443727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.133.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580626/; classtype:trojan-activity;sid:81443726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.252.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580625/; classtype:trojan-activity;sid:81443725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.183.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580624/; classtype:trojan-activity;sid:81443724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.69.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580621/; classtype:trojan-activity;sid:81443721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.87.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580619/; classtype:trojan-activity;sid:81443719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.91.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580622/; classtype:trojan-activity;sid:81443722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.96.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580620/; classtype:trojan-activity;sid:81443720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.195.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580623/; classtype:trojan-activity;sid:81443723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580618)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/1qnlmmw/"; http_uri; depth:18; isdataat:!1,relative; content:"capquangviet.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580618/; classtype:trojan-activity;sid:81443718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.138.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580617/; classtype:trojan-activity;sid:81443717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.198.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580616/; classtype:trojan-activity;sid:81443716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.235.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580614/; classtype:trojan-activity;sid:81443714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.237.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580615/; classtype:trojan-activity;sid:81443715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.138.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580612/; classtype:trojan-activity;sid:81443712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.164.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580609/; classtype:trojan-activity;sid:81443709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.198.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580611/; classtype:trojan-activity;sid:81443711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.198.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580610/; classtype:trojan-activity;sid:81443710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.214.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580608/; classtype:trojan-activity;sid:81443708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.106.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580607/; classtype:trojan-activity;sid:81443707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.50.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580604/; classtype:trojan-activity;sid:81443704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.51.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580606/; classtype:trojan-activity;sid:81443706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.59.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580605/; classtype:trojan-activity;sid:81443705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.81.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580602/; classtype:trojan-activity;sid:81443702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.82.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580600/; classtype:trojan-activity;sid:81443700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.236.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580601/; classtype:trojan-activity;sid:81443701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.102.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580599/; classtype:trojan-activity;sid:81443699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.31.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580598/; classtype:trojan-activity;sid:81443698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.141.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580596/; classtype:trojan-activity;sid:81443696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.19.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580595/; classtype:trojan-activity;sid:81443695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.206.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580594/; classtype:trojan-activity;sid:81443694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.31.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580597/; classtype:trojan-activity;sid:81443697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.138.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580591/; classtype:trojan-activity;sid:81443691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.19.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580593/; classtype:trojan-activity;sid:81443693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.30.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580592/; classtype:trojan-activity;sid:81443692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.186.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580588/; classtype:trojan-activity;sid:81443688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.133.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580586/; classtype:trojan-activity;sid:81443686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.199.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580587/; classtype:trojan-activity;sid:81443687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.206.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580582/; classtype:trojan-activity;sid:81443682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.19.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580584/; classtype:trojan-activity;sid:81443684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.63.36.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580583/; classtype:trojan-activity;sid:81443683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.200.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580581/; classtype:trojan-activity;sid:81443681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.117.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580580/; classtype:trojan-activity;sid:81443680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.118.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580579/; classtype:trojan-activity;sid:81443679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.51.121.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580576/; classtype:trojan-activity;sid:81443676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.141.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580575/; classtype:trojan-activity;sid:81443675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.201.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580577/; classtype:trojan-activity;sid:81443677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.61.172.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580578/; classtype:trojan-activity;sid:81443678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.211.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580573/; classtype:trojan-activity;sid:81443673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.233.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580574/; classtype:trojan-activity;sid:81443674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.52.18.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580572/; classtype:trojan-activity;sid:81443672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.252.238.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580565/; classtype:trojan-activity;sid:81443665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.255.158.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580569/; classtype:trojan-activity;sid:81443669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.27.124.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580567/; classtype:trojan-activity;sid:81443667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"113.116.89.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580571/; classtype:trojan-activity;sid:81443671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.9.129.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580568/; classtype:trojan-activity;sid:81443668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580566)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.184.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580566/; classtype:trojan-activity;sid:81443666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.252.125.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580564/; classtype:trojan-activity;sid:81443664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.73.153.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580563/; classtype:trojan-activity;sid:81443663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.225.21.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580562/; classtype:trojan-activity;sid:81443662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.108.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580561/; classtype:trojan-activity;sid:81443661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.173.239.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580560/; classtype:trojan-activity;sid:81443660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.235.164.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580559/; classtype:trojan-activity;sid:81443659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"103.235.165.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580558/; classtype:trojan-activity;sid:81443658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.40.111.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580557/; classtype:trojan-activity;sid:81443657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.92.61.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580555/; classtype:trojan-activity;sid:81443655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.237.226.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580553/; classtype:trojan-activity;sid:81443653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.148.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580556/; classtype:trojan-activity;sid:81443656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.239.124.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580554/; classtype:trojan-activity;sid:81443654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"103.82.145.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580552/; classtype:trojan-activity;sid:81443652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.55.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580551/; classtype:trojan-activity;sid:81443651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.7.100.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580550/; classtype:trojan-activity;sid:81443650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.187.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580549/; classtype:trojan-activity;sid:81443649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.63.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580548/; classtype:trojan-activity;sid:81443648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.48.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580547/; classtype:trojan-activity;sid:81443647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.168.142.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580544/; classtype:trojan-activity;sid:81443644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.179.90.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580545/; classtype:trojan-activity;sid:81443645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.102.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580543/; classtype:trojan-activity;sid:81443643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.245.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580540/; classtype:trojan-activity;sid:81443640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.99.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580542/; classtype:trojan-activity;sid:81443642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.239.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580541/; classtype:trojan-activity;sid:81443641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"84.213.177.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580539/; classtype:trojan-activity;sid:81443639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.202.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580536/; classtype:trojan-activity;sid:81443636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.9.218.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580537/; classtype:trojan-activity;sid:81443637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.133.197.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580535/; classtype:trojan-activity;sid:81443635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.248.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580534/; classtype:trojan-activity;sid:81443634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.123.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580531/; classtype:trojan-activity;sid:81443631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.211.101.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580530/; classtype:trojan-activity;sid:81443630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.123.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580528/; classtype:trojan-activity;sid:81443628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.131.41.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580527/; classtype:trojan-activity;sid:81443627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.121.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580525/; classtype:trojan-activity;sid:81443625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.129.26.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580522/; classtype:trojan-activity;sid:81443622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.118.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580524/; classtype:trojan-activity;sid:81443624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.92.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580520/; classtype:trojan-activity;sid:81443620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.254.11.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580519/; classtype:trojan-activity;sid:81443619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.120.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580518/; classtype:trojan-activity;sid:81443618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.146.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580513/; classtype:trojan-activity;sid:81443613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.39.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580516/; classtype:trojan-activity;sid:81443616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.194.156.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580514/; classtype:trojan-activity;sid:81443614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.216.110.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580515/; classtype:trojan-activity;sid:81443615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.243.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580512/; classtype:trojan-activity;sid:81443612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.118.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580517/; classtype:trojan-activity;sid:81443617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"59.177.76.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580510/; classtype:trojan-activity;sid:81443610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"58.223.135.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580509/; classtype:trojan-activity;sid:81443609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.209.112.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580507/; classtype:trojan-activity;sid:81443607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.209.87.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580505/; classtype:trojan-activity;sid:81443605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.215.180.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580506/; classtype:trojan-activity;sid:81443606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.229.234.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580500/; classtype:trojan-activity;sid:81443600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.237.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580501/; classtype:trojan-activity;sid:81443601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.87.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580504/; classtype:trojan-activity;sid:81443604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.96.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580503/; classtype:trojan-activity;sid:81443603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.148.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580502/; classtype:trojan-activity;sid:81443602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.14.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580495/; classtype:trojan-activity;sid:81443595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.232.72.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580498/; classtype:trojan-activity;sid:81443598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.65.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580497/; classtype:trojan-activity;sid:81443597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.79.186.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580494/; classtype:trojan-activity;sid:81443594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.88.189.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580492/; classtype:trojan-activity;sid:81443592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.224.118.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580491/; classtype:trojan-activity;sid:81443591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580486)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.74.142.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580486/; classtype:trojan-activity;sid:81443586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.74.164.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580483/; classtype:trojan-activity;sid:81443583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.74.243.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580484/; classtype:trojan-activity;sid:81443584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.79.43.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580487/; classtype:trojan-activity;sid:81443587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580485)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.86.162.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580485/; classtype:trojan-activity;sid:81443585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.224.69.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580482/; classtype:trojan-activity;sid:81443582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.225.202.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580490/; classtype:trojan-activity;sid:81443590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.228.45.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580489/; classtype:trojan-activity;sid:81443589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.228.78.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_21; reference:url, urlhaus.abuse.ch/url/580488/; classtype:trojan-activity;sid:81443588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.177.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580481/; classtype:trojan-activity;sid:81443581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.18.14"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580480/; classtype:trojan-activity;sid:81443580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.9.157"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580479/; classtype:trojan-activity;sid:81443579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.175.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580477/; classtype:trojan-activity;sid:81443577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.7.55"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580478/; classtype:trojan-activity;sid:81443578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.73.241.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580474/; classtype:trojan-activity;sid:81443574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.73.73.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580476/; classtype:trojan-activity;sid:81443576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.74.138.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580475/; classtype:trojan-activity;sid:81443575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580473)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.148.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580473/; classtype:trojan-activity;sid:81443573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580472)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.148.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580472/; classtype:trojan-activity;sid:81443572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.153.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580469/; classtype:trojan-activity;sid:81443569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.156.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580471/; classtype:trojan-activity;sid:81443571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.17.159"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580470/; classtype:trojan-activity;sid:81443570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.161.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580468/; classtype:trojan-activity;sid:81443568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.162.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580467/; classtype:trojan-activity;sid:81443567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580466)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.201.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580466/; classtype:trojan-activity;sid:81443566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.91.77"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580465/; classtype:trojan-activity;sid:81443565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.109.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580464/; classtype:trojan-activity;sid:81443564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.108.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580463/; classtype:trojan-activity;sid:81443563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.143.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580462/; classtype:trojan-activity;sid:81443562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580461)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.187.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580461/; classtype:trojan-activity;sid:81443561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.45.61"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580459/; classtype:trojan-activity;sid:81443559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.188.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580458/; classtype:trojan-activity;sid:81443558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.191.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580460/; classtype:trojan-activity;sid:81443560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.4.168.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580451/; classtype:trojan-activity;sid:81443551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.31.143"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580457/; classtype:trojan-activity;sid:81443557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.45.158"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580450/; classtype:trojan-activity;sid:81443550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.104.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580449/; classtype:trojan-activity;sid:81443549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.122.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580455/; classtype:trojan-activity;sid:81443555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.138.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580453/; classtype:trojan-activity;sid:81443553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.143.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580452/; classtype:trojan-activity;sid:81443552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.166.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580456/; classtype:trojan-activity;sid:81443556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.187.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580454/; classtype:trojan-activity;sid:81443554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.22.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580448/; classtype:trojan-activity;sid:81443548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580447)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.59.124.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580447/; classtype:trojan-activity;sid:81443547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.81.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580445/; classtype:trojan-activity;sid:81443545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580446)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.83.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580446/; classtype:trojan-activity;sid:81443546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580444)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.133.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580444/; classtype:trojan-activity;sid:81443544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580442)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"186.29.190.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580442/; classtype:trojan-activity;sid:81443542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580443)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.210.10.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580443/; classtype:trojan-activity;sid:81443543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.9.71.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580441/; classtype:trojan-activity;sid:81443541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.200.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580440/; classtype:trojan-activity;sid:81443540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.156.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580439/; classtype:trojan-activity;sid:81443539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580438)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.30.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580438/; classtype:trojan-activity;sid:81443538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580436)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.182.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580436/; classtype:trojan-activity;sid:81443536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.131.155.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580437/; classtype:trojan-activity;sid:81443537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580435)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.249.236.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580435/; classtype:trojan-activity;sid:81443535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.223.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580433/; classtype:trojan-activity;sid:81443533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.41.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580432/; classtype:trojan-activity;sid:81443532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"220.202.74.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580434/; classtype:trojan-activity;sid:81443534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.43.73.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580430/; classtype:trojan-activity;sid:81443530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580431)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.119.181.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580431/; classtype:trojan-activity;sid:81443531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580429)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.203.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580429/; classtype:trojan-activity;sid:81443529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.130.175.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580428/; classtype:trojan-activity;sid:81443528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580427)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.115.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580427/; classtype:trojan-activity;sid:81443527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.120.38.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580426/; classtype:trojan-activity;sid:81443526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"221.198.141.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580425/; classtype:trojan-activity;sid:81443525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.80.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580423/; classtype:trojan-activity;sid:81443523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.157.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580424/; classtype:trojan-activity;sid:81443524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.14.106.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580422/; classtype:trojan-activity;sid:81443522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.168.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580421/; classtype:trojan-activity;sid:81443521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.43.51.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580417/; classtype:trojan-activity;sid:81443517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.122.245.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580420/; classtype:trojan-activity;sid:81443520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"202.88.221.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580418/; classtype:trojan-activity;sid:81443518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.193.201.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580419/; classtype:trojan-activity;sid:81443519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"119.178.249.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580416/; classtype:trojan-activity;sid:81443516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.206.93.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580415/; classtype:trojan-activity;sid:81443515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.132.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580411/; classtype:trojan-activity;sid:81443511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"123.130.58.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580412/; classtype:trojan-activity;sid:81443512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.119.63.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580414/; classtype:trojan-activity;sid:81443514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.193.136.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580413/; classtype:trojan-activity;sid:81443513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.51.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580409/; classtype:trojan-activity;sid:81443509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.157.240.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580410/; classtype:trojan-activity;sid:81443510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.148.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580408/; classtype:trojan-activity;sid:81443508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.135.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580406/; classtype:trojan-activity;sid:81443506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.43.88.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580405/; classtype:trojan-activity;sid:81443505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.45.120.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580407/; classtype:trojan-activity;sid:81443507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"202.88.138.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580404/; classtype:trojan-activity;sid:81443504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.213.105.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580403/; classtype:trojan-activity;sid:81443503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.31.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580402/; classtype:trojan-activity;sid:81443502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.68.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580401/; classtype:trojan-activity;sid:81443501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.115.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580400/; classtype:trojan-activity;sid:81443500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.104.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580398/; classtype:trojan-activity;sid:81443498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580397)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.30.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580397/; classtype:trojan-activity;sid:81443497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.194.189.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580399/; classtype:trojan-activity;sid:81443499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580395)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.52.10.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580395/; classtype:trojan-activity;sid:81443495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580393)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.149.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580393/; classtype:trojan-activity;sid:81443493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.55.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580396/; classtype:trojan-activity;sid:81443496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"186.31.23.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580394/; classtype:trojan-activity;sid:81443494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.237.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580392/; classtype:trojan-activity;sid:81443492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.43.18.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580391/; classtype:trojan-activity;sid:81443491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580390)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.207.69.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580390/; classtype:trojan-activity;sid:81443490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.137.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580388/; classtype:trojan-activity;sid:81443488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580387)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.207.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580387/; classtype:trojan-activity;sid:81443487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.59.188.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580386/; classtype:trojan-activity;sid:81443486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.160.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580389/; classtype:trojan-activity;sid:81443489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580385)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"123.130.5.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580385/; classtype:trojan-activity;sid:81443485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.197.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580383/; classtype:trojan-activity;sid:81443483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.189.196.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580384/; classtype:trojan-activity;sid:81443484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.81.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580382/; classtype:trojan-activity;sid:81443482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580380)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.115.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580380/; classtype:trojan-activity;sid:81443480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.120.62.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580381/; classtype:trojan-activity;sid:81443481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.133.97.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580379/; classtype:trojan-activity;sid:81443479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.233.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580378/; classtype:trojan-activity;sid:81443478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.193.23.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580377/; classtype:trojan-activity;sid:81443477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.217.130.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580376/; classtype:trojan-activity;sid:81443476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.136.29.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580375/; classtype:trojan-activity;sid:81443475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.210.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580373/; classtype:trojan-activity;sid:81443473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580372)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.82.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580372/; classtype:trojan-activity;sid:81443472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.165.5.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580368/; classtype:trojan-activity;sid:81443468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.127.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580369/; classtype:trojan-activity;sid:81443469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.99.234.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580370/; classtype:trojan-activity;sid:81443470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.2.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580374/; classtype:trojan-activity;sid:81443474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580371)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.207.41.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580371/; classtype:trojan-activity;sid:81443471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.187.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580366/; classtype:trojan-activity;sid:81443466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.131.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580363/; classtype:trojan-activity;sid:81443463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.108.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580367/; classtype:trojan-activity;sid:81443467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.14.206.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580365/; classtype:trojan-activity;sid:81443465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.71.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580364/; classtype:trojan-activity;sid:81443464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.42.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580362/; classtype:trojan-activity;sid:81443462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.61.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580361/; classtype:trojan-activity;sid:81443461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.105.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580360/; classtype:trojan-activity;sid:81443460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.119.15.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580357/; classtype:trojan-activity;sid:81443457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"202.110.76.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580359/; classtype:trojan-activity;sid:81443459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.217.59.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580358/; classtype:trojan-activity;sid:81443458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.141.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580355/; classtype:trojan-activity;sid:81443455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580354)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.123.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580354/; classtype:trojan-activity;sid:81443454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580356)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.216.99.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580356/; classtype:trojan-activity;sid:81443456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580353)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"123.129.10.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580353/; classtype:trojan-activity;sid:81443453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580352)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.54.199.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580352/; classtype:trojan-activity;sid:81443452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.141.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580347/; classtype:trojan-activity;sid:81443447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.91.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580351/; classtype:trojan-activity;sid:81443451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580349)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.146.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580349/; classtype:trojan-activity;sid:81443449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.96.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580350/; classtype:trojan-activity;sid:81443450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.182.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580348/; classtype:trojan-activity;sid:81443448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.163.161.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580346/; classtype:trojan-activity;sid:81443446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.87.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580345/; classtype:trojan-activity;sid:81443445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.50.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580340/; classtype:trojan-activity;sid:81443440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.165.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580341/; classtype:trojan-activity;sid:81443441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.232.73.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580343/; classtype:trojan-activity;sid:81443443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.43.89.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580342/; classtype:trojan-activity;sid:81443442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.126.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580344/; classtype:trojan-activity;sid:81443444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.100.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580339/; classtype:trojan-activity;sid:81443439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.184.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580337/; classtype:trojan-activity;sid:81443437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"123.14.92.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580338/; classtype:trojan-activity;sid:81443438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.141.253.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580336/; classtype:trojan-activity;sid:81443436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580334)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.45.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580334/; classtype:trojan-activity;sid:81443434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580333)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.17.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580333/; classtype:trojan-activity;sid:81443433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580332)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"190.27.57.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580332/; classtype:trojan-activity;sid:81443432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.219.179.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580335/; classtype:trojan-activity;sid:81443435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.27.124.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580331/; classtype:trojan-activity;sid:81443431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.175.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580329/; classtype:trojan-activity;sid:81443429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.197.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580328/; classtype:trojan-activity;sid:81443428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580330)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.206.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580330/; classtype:trojan-activity;sid:81443430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.248.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580327/; classtype:trojan-activity;sid:81443427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.140.171.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580325/; classtype:trojan-activity;sid:81443425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.204.238.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580326/; classtype:trojan-activity;sid:81443426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.114.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580324/; classtype:trojan-activity;sid:81443424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.79.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580323/; classtype:trojan-activity;sid:81443423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.195.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580322/; classtype:trojan-activity;sid:81443422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.58.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580320/; classtype:trojan-activity;sid:81443420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.27.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580321/; classtype:trojan-activity;sid:81443421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.112.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580319/; classtype:trojan-activity;sid:81443419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.196.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580315/; classtype:trojan-activity;sid:81443415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.83.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580316/; classtype:trojan-activity;sid:81443416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.179.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580318/; classtype:trojan-activity;sid:81443418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.141.148.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580317/; classtype:trojan-activity;sid:81443417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.199.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580313/; classtype:trojan-activity;sid:81443413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.7.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580314/; classtype:trojan-activity;sid:81443414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"221.214.236.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580311/; classtype:trojan-activity;sid:81443411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.237.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580312/; classtype:trojan-activity;sid:81443412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.45.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580310/; classtype:trojan-activity;sid:81443410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.157.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580309/; classtype:trojan-activity;sid:81443409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.120.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580308/; classtype:trojan-activity;sid:81443408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.165.93.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580307/; classtype:trojan-activity;sid:81443407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.13.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580305/; classtype:trojan-activity;sid:81443405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.71.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580306/; classtype:trojan-activity;sid:81443406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.63.22.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580304/; classtype:trojan-activity;sid:81443404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.73.83.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580303/; classtype:trojan-activity;sid:81443403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.142.210.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580302/; classtype:trojan-activity;sid:81443402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.185.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580300/; classtype:trojan-activity;sid:81443400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.179.249.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580301/; classtype:trojan-activity;sid:81443401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.255.60.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580298/; classtype:trojan-activity;sid:81443398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.108.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580299/; classtype:trojan-activity;sid:81443399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.196.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580297/; classtype:trojan-activity;sid:81443397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.120.50.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580296/; classtype:trojan-activity;sid:81443396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.142.176.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580295/; classtype:trojan-activity;sid:81443395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.193.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580294/; classtype:trojan-activity;sid:81443394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.165.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580293/; classtype:trojan-activity;sid:81443393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.73.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580292/; classtype:trojan-activity;sid:81443392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.43.75.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580291/; classtype:trojan-activity;sid:81443391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"190.27.23.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580290/; classtype:trojan-activity;sid:81443390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.150.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580289/; classtype:trojan-activity;sid:81443389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.19.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580288/; classtype:trojan-activity;sid:81443388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.46.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580287/; classtype:trojan-activity;sid:81443387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.116.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580286/; classtype:trojan-activity;sid:81443386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.243.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580285/; classtype:trojan-activity;sid:81443385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.123.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580284/; classtype:trojan-activity;sid:81443384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"171.34.114.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580282/; classtype:trojan-activity;sid:81443382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.194.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580280/; classtype:trojan-activity;sid:81443380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.122.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580283/; classtype:trojan-activity;sid:81443383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.215.163.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580281/; classtype:trojan-activity;sid:81443381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.249.239.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580279/; classtype:trojan-activity;sid:81443379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.206.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580276/; classtype:trojan-activity;sid:81443376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.83.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580277/; classtype:trojan-activity;sid:81443377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.193.194.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580278/; classtype:trojan-activity;sid:81443378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.197.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580275/; classtype:trojan-activity;sid:81443375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.14.95.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580274/; classtype:trojan-activity;sid:81443374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580273)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.119.21.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580273/; classtype:trojan-activity;sid:81443373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.51.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580272/; classtype:trojan-activity;sid:81443372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580270)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.32.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580270/; classtype:trojan-activity;sid:81443370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.197.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580269/; classtype:trojan-activity;sid:81443369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.0.163.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580271/; classtype:trojan-activity;sid:81443371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.85.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580267/; classtype:trojan-activity;sid:81443367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.130.142.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580268/; classtype:trojan-activity;sid:81443368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.210.15.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580266/; classtype:trojan-activity;sid:81443366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.215.222.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580265/; classtype:trojan-activity;sid:81443365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.248.177.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580264/; classtype:trojan-activity;sid:81443364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.192.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580263/; classtype:trojan-activity;sid:81443363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.244.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580262/; classtype:trojan-activity;sid:81443362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.116.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580261/; classtype:trojan-activity;sid:81443361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.135.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580260/; classtype:trojan-activity;sid:81443360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.100.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580259/; classtype:trojan-activity;sid:81443359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.58.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580258/; classtype:trojan-activity;sid:81443358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.131.155.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580255/; classtype:trojan-activity;sid:81443355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.156.19.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580254/; classtype:trojan-activity;sid:81443354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.141.93.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580257/; classtype:trojan-activity;sid:81443357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.219.17.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580256/; classtype:trojan-activity;sid:81443356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.75.219.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580253/; classtype:trojan-activity;sid:81443353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.197.118.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580252/; classtype:trojan-activity;sid:81443352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.97.136.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580251/; classtype:trojan-activity;sid:81443351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.0.58.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580250/; classtype:trojan-activity;sid:81443350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.82.222.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580248/; classtype:trojan-activity;sid:81443348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.225.91.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580249/; classtype:trojan-activity;sid:81443349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.226.6.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580246/; classtype:trojan-activity;sid:81443346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.237.13.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580243/; classtype:trojan-activity;sid:81443343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.237.158.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580244/; classtype:trojan-activity;sid:81443344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.237.66.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580245/; classtype:trojan-activity;sid:81443345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.239.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580247/; classtype:trojan-activity;sid:81443347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.254.97.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580242/; classtype:trojan-activity;sid:81443342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.100.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580240/; classtype:trojan-activity;sid:81443340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.54.58.87"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580241/; classtype:trojan-activity;sid:81443341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580239)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"61.179.91.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580239/; classtype:trojan-activity;sid:81443339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580237)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.254.60.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580237/; classtype:trojan-activity;sid:81443337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580238)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.179.90.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580238/; classtype:trojan-activity;sid:81443338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.51.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580236/; classtype:trojan-activity;sid:81443336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.254.98.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580235/; classtype:trojan-activity;sid:81443335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.246.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580234/; classtype:trojan-activity;sid:81443334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580232)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.47.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580232/; classtype:trojan-activity;sid:81443332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.124.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580233/; classtype:trojan-activity;sid:81443333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.249.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580230/; classtype:trojan-activity;sid:81443330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580231)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.54.79.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580231/; classtype:trojan-activity;sid:81443331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.254.107.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580229/; classtype:trojan-activity;sid:81443329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580228)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.165.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580228/; classtype:trojan-activity;sid:81443328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.232.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580227/; classtype:trojan-activity;sid:81443327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.162.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580225/; classtype:trojan-activity;sid:81443325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.180.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580226/; classtype:trojan-activity;sid:81443326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580224)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.122.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580224/; classtype:trojan-activity;sid:81443324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580223)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.120.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580223/; classtype:trojan-activity;sid:81443323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.114.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580222/; classtype:trojan-activity;sid:81443322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580221)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.116.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580221/; classtype:trojan-activity;sid:81443321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.180.141.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580220/; classtype:trojan-activity;sid:81443320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580219)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.180.130.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580219/; classtype:trojan-activity;sid:81443319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.209.75.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580218/; classtype:trojan-activity;sid:81443318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.177.36.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580217/; classtype:trojan-activity;sid:81443317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.174.21.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580216/; classtype:trojan-activity;sid:81443316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.209.204.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580214/; classtype:trojan-activity;sid:81443314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.211.57.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580215/; classtype:trojan-activity;sid:81443315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.226.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580213/; classtype:trojan-activity;sid:81443313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580204)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.3.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580204/; classtype:trojan-activity;sid:81443304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.33.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580212/; classtype:trojan-activity;sid:81443312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580203)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.231.168.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580203/; classtype:trojan-activity;sid:81443303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.232.216.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580206/; classtype:trojan-activity;sid:81443306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.140.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580205/; classtype:trojan-activity;sid:81443305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.28.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580207/; classtype:trojan-activity;sid:81443307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.66.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580210/; classtype:trojan-activity;sid:81443310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.236.215.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580208/; classtype:trojan-activity;sid:81443308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.236.215.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580209/; classtype:trojan-activity;sid:81443309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.238.100.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580211/; classtype:trojan-activity;sid:81443311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"41.86.19.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580202/; classtype:trojan-activity;sid:81443302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.89.125.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580201/; classtype:trojan-activity;sid:81443301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.79.39.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580195/; classtype:trojan-activity;sid:81443295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.86.163.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580194/; classtype:trojan-activity;sid:81443294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.88.29.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580192/; classtype:trojan-activity;sid:81443292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.224.63.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580198/; classtype:trojan-activity;sid:81443298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.225.16.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580193/; classtype:trojan-activity;sid:81443293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.225.223.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580199/; classtype:trojan-activity;sid:81443299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.225.238.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580197/; classtype:trojan-activity;sid:81443297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580200)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.227.244.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580200/; classtype:trojan-activity;sid:81443300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.11.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580196/; classtype:trojan-activity;sid:81443296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.186.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580191/; classtype:trojan-activity;sid:81443291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.179.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580189/; classtype:trojan-activity;sid:81443289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"36.105.59.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580190/; classtype:trojan-activity;sid:81443290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580188)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.152.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580188/; classtype:trojan-activity;sid:81443288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.6.81"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580187/; classtype:trojan-activity;sid:81443287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.65.28.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580184/; classtype:trojan-activity;sid:81443284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.73.108.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580183/; classtype:trojan-activity;sid:81443283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580186)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.77.63.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580186/; classtype:trojan-activity;sid:81443286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.78.4.184"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580182/; classtype:trojan-activity;sid:81443282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.79.134.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580185/; classtype:trojan-activity;sid:81443285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.14.202"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580181/; classtype:trojan-activity;sid:81443281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.109.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580180/; classtype:trojan-activity;sid:81443280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.53.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580179/; classtype:trojan-activity;sid:81443279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.90.22"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580178/; classtype:trojan-activity;sid:81443278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.129.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580176/; classtype:trojan-activity;sid:81443276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.147.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580177/; classtype:trojan-activity;sid:81443277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.151.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580175/; classtype:trojan-activity;sid:81443275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.30.242"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580172/; classtype:trojan-activity;sid:81443272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.55.83"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580174/; classtype:trojan-activity;sid:81443274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.111.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580171/; classtype:trojan-activity;sid:81443271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.149.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580173/; classtype:trojan-activity;sid:81443273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.196.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580170/; classtype:trojan-activity;sid:81443270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580169)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.146.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580169/; classtype:trojan-activity;sid:81443269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.186.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580168/; classtype:trojan-activity;sid:81443268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.199.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580167/; classtype:trojan-activity;sid:81443267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.134.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580166/; classtype:trojan-activity;sid:81443266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.46.113"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580165/; classtype:trojan-activity;sid:81443265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.42.208"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580162/; classtype:trojan-activity;sid:81443262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.45.105"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580163/; classtype:trojan-activity;sid:81443263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.137.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580164/; classtype:trojan-activity;sid:81443264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.45.129"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580161/; classtype:trojan-activity;sid:81443261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.22.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580159/; classtype:trojan-activity;sid:81443259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.29.251"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580160/; classtype:trojan-activity;sid:81443260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.207.2.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580158/; classtype:trojan-activity;sid:81443258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580156)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.217.165.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580156/; classtype:trojan-activity;sid:81443256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.4.171.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580157/; classtype:trojan-activity;sid:81443257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.207.224.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580154/; classtype:trojan-activity;sid:81443254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.210.199.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580155/; classtype:trojan-activity;sid:81443255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.215.214.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580153/; classtype:trojan-activity;sid:81443253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.217.1.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580152/; classtype:trojan-activity;sid:81443252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.217.3.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580151/; classtype:trojan-activity;sid:81443251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.210.35.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580150/; classtype:trojan-activity;sid:81443250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580147)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.236.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580147/; classtype:trojan-activity;sid:81443247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.140.19.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580148/; classtype:trojan-activity;sid:81443248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.193.240.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580146/; classtype:trojan-activity;sid:81443246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580149)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.206.235.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580149/; classtype:trojan-activity;sid:81443249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.194.129.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580142/; classtype:trojan-activity;sid:81443242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.14.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580143/; classtype:trojan-activity;sid:81443243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.207.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580144/; classtype:trojan-activity;sid:81443244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.207.180.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580145/; classtype:trojan-activity;sid:81443245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.14.106.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580141/; classtype:trojan-activity;sid:81443241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.122.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580140/; classtype:trojan-activity;sid:81443240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.102.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580139/; classtype:trojan-activity;sid:81443239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.215.207.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580137/; classtype:trojan-activity;sid:81443237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.135.134.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580138/; classtype:trojan-activity;sid:81443238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"219.157.25.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580132/; classtype:trojan-activity;sid:81443232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.157.67.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580134/; classtype:trojan-activity;sid:81443234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.14.126.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580133/; classtype:trojan-activity;sid:81443233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.215.75.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580136/; classtype:trojan-activity;sid:81443236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"221.3.103.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580130/; classtype:trojan-activity;sid:81443230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.3.62.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580131/; classtype:trojan-activity;sid:81443231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.136.54.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580135/; classtype:trojan-activity;sid:81443235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.166.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580129/; classtype:trojan-activity;sid:81443229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"203.163.245.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580128/; classtype:trojan-activity;sid:81443228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"203.163.239.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580127/; classtype:trojan-activity;sid:81443227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"210.18.153.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580126/; classtype:trojan-activity;sid:81443226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.95.85.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580124/; classtype:trojan-activity;sid:81443224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.13.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580123/; classtype:trojan-activity;sid:81443223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.99.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580125/; classtype:trojan-activity;sid:81443225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"190.26.170.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580122/; classtype:trojan-activity;sid:81443222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580121)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.97.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580121/; classtype:trojan-activity;sid:81443221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.157.160.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580120/; classtype:trojan-activity;sid:81443220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"190.107.240.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580119/; classtype:trojan-activity;sid:81443219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"187.94.5.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580118/; classtype:trojan-activity;sid:81443218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"186.30.176.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580117/; classtype:trojan-activity;sid:81443217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.123.249.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580115/; classtype:trojan-activity;sid:81443215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.56.28.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580116/; classtype:trojan-activity;sid:81443216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.56.224.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580114/; classtype:trojan-activity;sid:81443214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.28.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580113/; classtype:trojan-activity;sid:81443213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.119.8.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580112/; classtype:trojan-activity;sid:81443212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.128.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580109/; classtype:trojan-activity;sid:81443209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.206.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580106/; classtype:trojan-activity;sid:81443206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.47.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580108/; classtype:trojan-activity;sid:81443208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.96.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580111/; classtype:trojan-activity;sid:81443211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.115.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580110/; classtype:trojan-activity;sid:81443210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.4.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580107/; classtype:trojan-activity;sid:81443207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.119.18.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580105/; classtype:trojan-activity;sid:81443205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.56.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580104/; classtype:trojan-activity;sid:81443204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.111.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580103/; classtype:trojan-activity;sid:81443203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.119.52.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580102/; classtype:trojan-activity;sid:81443202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.88.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580101/; classtype:trojan-activity;sid:81443201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.56.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580099/; classtype:trojan-activity;sid:81443199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.50.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580093/; classtype:trojan-activity;sid:81443193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.49.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580098/; classtype:trojan-activity;sid:81443198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.67.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580100/; classtype:trojan-activity;sid:81443200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.70.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580091/; classtype:trojan-activity;sid:81443191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.73.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580095/; classtype:trojan-activity;sid:81443195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.79.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580094/; classtype:trojan-activity;sid:81443194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.90.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580097/; classtype:trojan-activity;sid:81443197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.119.12.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580096/; classtype:trojan-activity;sid:81443196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.119.229.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580092/; classtype:trojan-activity;sid:81443192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.42.34.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580090/; classtype:trojan-activity;sid:81443190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.99.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580089/; classtype:trojan-activity;sid:81443189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.99.5.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580088/; classtype:trojan-activity;sid:81443188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.44.196.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580087/; classtype:trojan-activity;sid:81443187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.47.162.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580086/; classtype:trojan-activity;sid:81443186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.99.230.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580085/; classtype:trojan-activity;sid:81443185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"14.178.162.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580084/; classtype:trojan-activity;sid:81443184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.81.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580083/; classtype:trojan-activity;sid:81443183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.200.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580082/; classtype:trojan-activity;sid:81443182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.44.21.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580081/; classtype:trojan-activity;sid:81443181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580079)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.47.64.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580079/; classtype:trojan-activity;sid:81443179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.47.98.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580080/; classtype:trojan-activity;sid:81443180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.107.165.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580078/; classtype:trojan-activity;sid:81443178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.73.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580077/; classtype:trojan-activity;sid:81443177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.14.69.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580074/; classtype:trojan-activity;sid:81443174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.64.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580070/; classtype:trojan-activity;sid:81443170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"123.9.207.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580069/; classtype:trojan-activity;sid:81443169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.9.217.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580071/; classtype:trojan-activity;sid:81443171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.129.228.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580076/; classtype:trojan-activity;sid:81443176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.136.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580073/; classtype:trojan-activity;sid:81443173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580075)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.182.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580075/; classtype:trojan-activity;sid:81443175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.233.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580072/; classtype:trojan-activity;sid:81443172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.131.117.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580068/; classtype:trojan-activity;sid:81443168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.40.11.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580067/; classtype:trojan-activity;sid:81443167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.25.109.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580066/; classtype:trojan-activity;sid:81443166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.59.120.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580065/; classtype:trojan-activity;sid:81443165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.2.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580064/; classtype:trojan-activity;sid:81443164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.129.38.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580063/; classtype:trojan-activity;sid:81443163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.84.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580062/; classtype:trojan-activity;sid:81443162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.231.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580061/; classtype:trojan-activity;sid:81443161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.240.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580058/; classtype:trojan-activity;sid:81443158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.162.129.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580059/; classtype:trojan-activity;sid:81443159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.179.27.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580060/; classtype:trojan-activity;sid:81443160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.81.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580057/; classtype:trojan-activity;sid:81443157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"118.79.238.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580054/; classtype:trojan-activity;sid:81443154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"119.165.81.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580056/; classtype:trojan-activity;sid:81443156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"119.180.121.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580055/; classtype:trojan-activity;sid:81443155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.214.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580053/; classtype:trojan-activity;sid:81443153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.214.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580052/; classtype:trojan-activity;sid:81443152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.119.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580051/; classtype:trojan-activity;sid:81443151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.50.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580049/; classtype:trojan-activity;sid:81443149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.110.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580050/; classtype:trojan-activity;sid:81443150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.59.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580048/; classtype:trojan-activity;sid:81443148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.100.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580047/; classtype:trojan-activity;sid:81443147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.22.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580046/; classtype:trojan-activity;sid:81443146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.20.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580044/; classtype:trojan-activity;sid:81443144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.82.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580045/; classtype:trojan-activity;sid:81443145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.73.81.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580043/; classtype:trojan-activity;sid:81443143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.101.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580042/; classtype:trojan-activity;sid:81443142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.73.93.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580041/; classtype:trojan-activity;sid:81443141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.73.216.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580040/; classtype:trojan-activity;sid:81443140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.17.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580039/; classtype:trojan-activity;sid:81443139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.83.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580038/; classtype:trojan-activity;sid:81443138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.73.63.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580037/; classtype:trojan-activity;sid:81443137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.171.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580036/; classtype:trojan-activity;sid:81443136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.131.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580035/; classtype:trojan-activity;sid:81443135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.95.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580034/; classtype:trojan-activity;sid:81443134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.98.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580033/; classtype:trojan-activity;sid:81443133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.99.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580032/; classtype:trojan-activity;sid:81443132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.29.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580031/; classtype:trojan-activity;sid:81443131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.194.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580030/; classtype:trojan-activity;sid:81443130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.19.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580029/; classtype:trojan-activity;sid:81443129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.96.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580028/; classtype:trojan-activity;sid:81443128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.181.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580027/; classtype:trojan-activity;sid:81443127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.232.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580025/; classtype:trojan-activity;sid:81443125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.30.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580026/; classtype:trojan-activity;sid:81443126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.234.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580024/; classtype:trojan-activity;sid:81443124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.243.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580023/; classtype:trojan-activity;sid:81443123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.240.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580022/; classtype:trojan-activity;sid:81443122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.28.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580021/; classtype:trojan-activity;sid:81443121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.30.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580020/; classtype:trojan-activity;sid:81443120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.159.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580019/; classtype:trojan-activity;sid:81443119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.134.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580017/; classtype:trojan-activity;sid:81443117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.161.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580018/; classtype:trojan-activity;sid:81443118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.70.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580016/; classtype:trojan-activity;sid:81443116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.113.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580015/; classtype:trojan-activity;sid:81443115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580014)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.146.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580014/; classtype:trojan-activity;sid:81443114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580013)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.41.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580013/; classtype:trojan-activity;sid:81443113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.191.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580012/; classtype:trojan-activity;sid:81443112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.239.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580011/; classtype:trojan-activity;sid:81443111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.183.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580010/; classtype:trojan-activity;sid:81443110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.202.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580009/; classtype:trojan-activity;sid:81443109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.80.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580008/; classtype:trojan-activity;sid:81443108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.196.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580007/; classtype:trojan-activity;sid:81443107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.30.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580006/; classtype:trojan-activity;sid:81443106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.136.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580005/; classtype:trojan-activity;sid:81443105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.199.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580004/; classtype:trojan-activity;sid:81443104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.178.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580003/; classtype:trojan-activity;sid:81443103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580001/; classtype:trojan-activity;sid:81443101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.198.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580002/; classtype:trojan-activity;sid:81443102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (580000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.14.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/580000/; classtype:trojan-activity;sid:81443100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.14.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579999/; classtype:trojan-activity;sid:81443099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.254.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579998/; classtype:trojan-activity;sid:81443098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579997)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.185.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579997/; classtype:trojan-activity;sid:81443097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.73.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579996/; classtype:trojan-activity;sid:81443096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.132.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579995/; classtype:trojan-activity;sid:81443095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.146.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579994/; classtype:trojan-activity;sid:81443094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.60.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579992/; classtype:trojan-activity;sid:81443092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.102.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579993/; classtype:trojan-activity;sid:81443093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.127.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579991/; classtype:trojan-activity;sid:81443091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.142.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579990/; classtype:trojan-activity;sid:81443090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.107.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579989/; classtype:trojan-activity;sid:81443089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.61.159.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579986/; classtype:trojan-activity;sid:81443086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.61.182.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579987/; classtype:trojan-activity;sid:81443087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.63.13.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579983/; classtype:trojan-activity;sid:81443083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.63.137.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579985/; classtype:trojan-activity;sid:81443085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.63.54.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579984/; classtype:trojan-activity;sid:81443084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.136.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579988/; classtype:trojan-activity;sid:81443088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.53.229.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579982/; classtype:trojan-activity;sid:81443082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.30.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579980/; classtype:trojan-activity;sid:81443080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.61.123.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579981/; classtype:trojan-activity;sid:81443081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.54.236.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579978/; classtype:trojan-activity;sid:81443078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.219.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579977/; classtype:trojan-activity;sid:81443077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.61.110.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579979/; classtype:trojan-activity;sid:81443079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.48.160.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579970/; classtype:trojan-activity;sid:81443070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.48.21.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579974/; classtype:trojan-activity;sid:81443074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.231.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579973/; classtype:trojan-activity;sid:81443073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.51.104.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579976/; classtype:trojan-activity;sid:81443076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.150.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579975/; classtype:trojan-activity;sid:81443075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.197.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579971/; classtype:trojan-activity;sid:81443071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.202.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579972/; classtype:trojan-activity;sid:81443072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.242.116.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579969/; classtype:trojan-activity;sid:81443069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.249.58.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579968/; classtype:trojan-activity;sid:81443068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.194.140.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579967/; classtype:trojan-activity;sid:81443067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.225.81.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579960/; classtype:trojan-activity;sid:81443060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.226.38.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579959/; classtype:trojan-activity;sid:81443059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.230.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579965/; classtype:trojan-activity;sid:81443065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.240.195.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579961/; classtype:trojan-activity;sid:81443061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.249.27.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579963/; classtype:trojan-activity;sid:81443063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.255.129.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579964/; classtype:trojan-activity;sid:81443064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.27.124.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579962/; classtype:trojan-activity;sid:81443062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.48.147.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579966/; classtype:trojan-activity;sid:81443066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.226.148.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579958/; classtype:trojan-activity;sid:81443058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"103.210.41.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579957/; classtype:trojan-activity;sid:81443057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.206.162.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579956/; classtype:trojan-activity;sid:81443056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"103.84.241.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579955/; classtype:trojan-activity;sid:81443055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.97.137.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579954/; classtype:trojan-activity;sid:81443054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.73.152.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579951/; classtype:trojan-activity;sid:81443051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.97.138.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579952/; classtype:trojan-activity;sid:81443052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.117.168.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579953/; classtype:trojan-activity;sid:81443053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"81.215.63.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579950/; classtype:trojan-activity;sid:81443050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"88.242.247.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579949/; classtype:trojan-activity;sid:81443049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"85.96.19.87"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579948/; classtype:trojan-activity;sid:81443048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"95.134.111.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579947/; classtype:trojan-activity;sid:81443047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"74.50.197.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579946/; classtype:trojan-activity;sid:81443046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"64.66.17.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579945/; classtype:trojan-activity;sid:81443045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.125.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579944/; classtype:trojan-activity;sid:81443044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.220.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579943/; classtype:trojan-activity;sid:81443043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.99.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579940/; classtype:trojan-activity;sid:81443040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.116.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579939/; classtype:trojan-activity;sid:81443039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.117.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579941/; classtype:trojan-activity;sid:81443041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.249.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579942/; classtype:trojan-activity;sid:81443042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.54.71.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579938/; classtype:trojan-activity;sid:81443038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.254.98.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579937/; classtype:trojan-activity;sid:81443037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.179.91.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579934/; classtype:trojan-activity;sid:81443034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.193.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579936/; classtype:trojan-activity;sid:81443036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.57.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579935/; classtype:trojan-activity;sid:81443035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.100.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579933/; classtype:trojan-activity;sid:81443033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.56.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579932/; classtype:trojan-activity;sid:81443032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.254.97.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579931/; classtype:trojan-activity;sid:81443031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.254.96.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579930/; classtype:trojan-activity;sid:81443030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.254.53.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579929/; classtype:trojan-activity;sid:81443029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579928)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.254.115.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579928/; classtype:trojan-activity;sid:81443028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.254.106.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579927/; classtype:trojan-activity;sid:81443027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.49.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579926/; classtype:trojan-activity;sid:81443026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.49.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579925/; classtype:trojan-activity;sid:81443025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.49.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579924/; classtype:trojan-activity;sid:81443024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.48.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579923/; classtype:trojan-activity;sid:81443023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.49.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579922/; classtype:trojan-activity;sid:81443022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.48.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579921/; classtype:trojan-activity;sid:81443021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.250.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579920/; classtype:trojan-activity;sid:81443020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.228.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579919/; classtype:trojan-activity;sid:81443019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.228.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579918/; classtype:trojan-activity;sid:81443018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.173.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579917/; classtype:trojan-activity;sid:81443017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579916)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.175.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579916/; classtype:trojan-activity;sid:81443016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579915)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.170.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579915/; classtype:trojan-activity;sid:81443015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.162.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579914/; classtype:trojan-activity;sid:81443014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.165.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579913/; classtype:trojan-activity;sid:81443013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.149.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579912/; classtype:trojan-activity;sid:81443012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.160.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579911/; classtype:trojan-activity;sid:81443011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.147.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579910/; classtype:trojan-activity;sid:81443010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.133.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579909/; classtype:trojan-activity;sid:81443009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.133.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579908/; classtype:trojan-activity;sid:81443008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.146.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579907/; classtype:trojan-activity;sid:81443007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.132.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579906/; classtype:trojan-activity;sid:81443006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.126.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579905/; classtype:trojan-activity;sid:81443005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.125.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579904/; classtype:trojan-activity;sid:81443004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.126.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579903/; classtype:trojan-activity;sid:81443003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.126.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579902/; classtype:trojan-activity;sid:81443002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.123.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579901/; classtype:trojan-activity;sid:81443001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.125.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579900/; classtype:trojan-activity;sid:81443000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.123.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579899/; classtype:trojan-activity;sid:81442999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.122.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579898/; classtype:trojan-activity;sid:81442998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.121.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579897/; classtype:trojan-activity;sid:81442997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.122.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579896/; classtype:trojan-activity;sid:81442996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.118.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579895/; classtype:trojan-activity;sid:81442995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.116.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579894/; classtype:trojan-activity;sid:81442994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.115.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579893/; classtype:trojan-activity;sid:81442993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.114.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579892/; classtype:trojan-activity;sid:81442992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.215.177.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579891/; classtype:trojan-activity;sid:81442991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.112.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579890/; classtype:trojan-activity;sid:81442990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.215.218.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579889/; classtype:trojan-activity;sid:81442989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.180.184.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579888/; classtype:trojan-activity;sid:81442988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579887)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.211.113.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579887/; classtype:trojan-activity;sid:81442987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.211.5.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579886/; classtype:trojan-activity;sid:81442986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.209.10.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579882/; classtype:trojan-activity;sid:81442982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.209.174.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579880/; classtype:trojan-activity;sid:81442980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.209.196.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579884/; classtype:trojan-activity;sid:81442984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.209.199.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579878/; classtype:trojan-activity;sid:81442978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.209.87.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579879/; classtype:trojan-activity;sid:81442979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.211.41.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579885/; classtype:trojan-activity;sid:81442985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.211.52.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579883/; classtype:trojan-activity;sid:81442983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.211.68.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579881/; classtype:trojan-activity;sid:81442981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"59.180.177.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579877/; classtype:trojan-activity;sid:81442977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.180.163.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579876/; classtype:trojan-activity;sid:81442976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.180.180.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579875/; classtype:trojan-activity;sid:81442975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.180.168.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579874/; classtype:trojan-activity;sid:81442974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.180.168.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579873/; classtype:trojan-activity;sid:81442973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"59.177.78.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579872/; classtype:trojan-activity;sid:81442972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"59.177.78.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579870/; classtype:trojan-activity;sid:81442970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.177.79.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579871/; classtype:trojan-activity;sid:81442971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.177.76.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579869/; classtype:trojan-activity;sid:81442969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.177.37.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579868/; classtype:trojan-activity;sid:81442968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"58.243.19.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579867/; classtype:trojan-activity;sid:81442967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"45.248.162.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579866/; classtype:trojan-activity;sid:81442966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.68.227.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579864/; classtype:trojan-activity;sid:81442964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.177.36.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579865/; classtype:trojan-activity;sid:81442965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"45.190.89.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579863/; classtype:trojan-activity;sid:81442963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.238.224.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579860/; classtype:trojan-activity;sid:81442960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.238.243.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579859/; classtype:trojan-activity;sid:81442959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.238.65.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579862/; classtype:trojan-activity;sid:81442962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.226.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579858/; classtype:trojan-activity;sid:81442958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.254.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579857/; classtype:trojan-activity;sid:81442957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"45.172.171.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579861/; classtype:trojan-activity;sid:81442961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.82.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579856/; classtype:trojan-activity;sid:81442956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.184.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579853/; classtype:trojan-activity;sid:81442953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.187.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579855/; classtype:trojan-activity;sid:81442955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.71.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579852/; classtype:trojan-activity;sid:81442952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.88.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579854/; classtype:trojan-activity;sid:81442954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.233.147.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579847/; classtype:trojan-activity;sid:81442947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.233.68.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579849/; classtype:trojan-activity;sid:81442949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.186.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579846/; classtype:trojan-activity;sid:81442946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.227.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579851/; classtype:trojan-activity;sid:81442951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.228.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579843/; classtype:trojan-activity;sid:81442943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.238.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579850/; classtype:trojan-activity;sid:81442950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.126.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579848/; classtype:trojan-activity;sid:81442948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.141.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579845/; classtype:trojan-activity;sid:81442945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.153.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579844/; classtype:trojan-activity;sid:81442944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.228.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579842/; classtype:trojan-activity;sid:81442942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.233.119.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579841/; classtype:trojan-activity;sid:81442941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579835/; classtype:trojan-activity;sid:81442935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.88.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579834/; classtype:trojan-activity;sid:81442934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.92.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579836/; classtype:trojan-activity;sid:81442936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.231.159.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579837/; classtype:trojan-activity;sid:81442937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.231.255.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579833/; classtype:trojan-activity;sid:81442933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579839)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.232.115.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579839/; classtype:trojan-activity;sid:81442939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579840)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.232.238.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579840/; classtype:trojan-activity;sid:81442940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.233.111.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579838/; classtype:trojan-activity;sid:81442938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.228.35.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579832/; classtype:trojan-activity;sid:81442932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.103.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579831/; classtype:trojan-activity;sid:81442931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.228.35.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579829/; classtype:trojan-activity;sid:81442929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.228.45.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579830/; classtype:trojan-activity;sid:81442930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.122.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579827/; classtype:trojan-activity;sid:81442927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579828/; classtype:trojan-activity;sid:81442928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579826)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.228.72.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579826/; classtype:trojan-activity;sid:81442926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579825)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.126.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579825/; classtype:trojan-activity;sid:81442925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.228.45.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579822/; classtype:trojan-activity;sid:81442922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.229.191.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579824/; classtype:trojan-activity;sid:81442924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.122.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579817/; classtype:trojan-activity;sid:81442917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.144.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579818/; classtype:trojan-activity;sid:81442918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.151.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579819/; classtype:trojan-activity;sid:81442919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.177.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579823/; classtype:trojan-activity;sid:81442923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.224.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579820/; classtype:trojan-activity;sid:81442920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579821)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.231.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579821/; classtype:trojan-activity;sid:81442921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.224.69.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579816/; classtype:trojan-activity;sid:81442916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.224.76.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579813/; classtype:trojan-activity;sid:81442913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.225.202.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579808/; classtype:trojan-activity;sid:81442908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.225.202.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579806/; classtype:trojan-activity;sid:81442906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.226.91.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579810/; classtype:trojan-activity;sid:81442910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.227.166.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579811/; classtype:trojan-activity;sid:81442911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.227.222.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579809/; classtype:trojan-activity;sid:81442909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.227.246.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579807/; classtype:trojan-activity;sid:81442907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.227.25.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579812/; classtype:trojan-activity;sid:81442912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.228.125.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579815/; classtype:trojan-activity;sid:81442915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.228.245.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579814/; classtype:trojan-activity;sid:81442914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.224.176.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579803/; classtype:trojan-activity;sid:81442903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.224.234.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579805/; classtype:trojan-activity;sid:81442905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.224.54.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579804/; classtype:trojan-activity;sid:81442904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.224.159.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579802/; classtype:trojan-activity;sid:81442902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.89.226.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579801/; classtype:trojan-activity;sid:81442901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"41.84.246.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579800/; classtype:trojan-activity;sid:81442900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.88.207.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579793/; classtype:trojan-activity;sid:81442893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.89.178.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579796/; classtype:trojan-activity;sid:81442896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.89.7.252"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579799/; classtype:trojan-activity;sid:81442899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.90.190.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579795/; classtype:trojan-activity;sid:81442895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"41.86.5.236"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579798/; classtype:trojan-activity;sid:81442898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579797)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.224.112.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579797/; classtype:trojan-activity;sid:81442897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.224.133.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579794/; classtype:trojan-activity;sid:81442894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.88.42.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579791/; classtype:trojan-activity;sid:81442891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.224.134.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579792/; classtype:trojan-activity;sid:81442892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.79.151.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579789/; classtype:trojan-activity;sid:81442889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.86.217.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579790/; classtype:trojan-activity;sid:81442890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.80.56.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579787/; classtype:trojan-activity;sid:81442887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.81.30.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579786/; classtype:trojan-activity;sid:81442886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.82.102.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579788/; classtype:trojan-activity;sid:81442888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.86.155.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579785/; classtype:trojan-activity;sid:81442885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.79.164.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579780/; classtype:trojan-activity;sid:81442880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.79.233.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579778/; classtype:trojan-activity;sid:81442878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.79.32.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579784/; classtype:trojan-activity;sid:81442884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.81.180.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579779/; classtype:trojan-activity;sid:81442879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.86.67.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579783/; classtype:trojan-activity;sid:81442883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.87.125.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579782/; classtype:trojan-activity;sid:81442882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.87.243.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579777/; classtype:trojan-activity;sid:81442877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.88.100.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579781/; classtype:trojan-activity;sid:81442881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.88.163.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579776/; classtype:trojan-activity;sid:81442876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.74.247.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579774/; classtype:trojan-activity;sid:81442874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.77.243.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579775/; classtype:trojan-activity;sid:81442875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.74.254.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579772/; classtype:trojan-activity;sid:81442872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.76.36.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579773/; classtype:trojan-activity;sid:81442873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.77.15.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579771/; classtype:trojan-activity;sid:81442871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.74.30.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579770/; classtype:trojan-activity;sid:81442870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.77.112.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579768/; classtype:trojan-activity;sid:81442868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.77.145.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579769/; classtype:trojan-activity;sid:81442869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.77.214.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579767/; classtype:trojan-activity;sid:81442867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.77.25.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579765/; classtype:trojan-activity;sid:81442865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.77.42.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579764/; classtype:trojan-activity;sid:81442864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.79.148.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579766/; classtype:trojan-activity;sid:81442866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.99.216"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579763/; classtype:trojan-activity;sid:81442863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.74.132.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579762/; classtype:trojan-activity;sid:81442862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.65.136.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579754/; classtype:trojan-activity;sid:81442854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.65.177.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579761/; classtype:trojan-activity;sid:81442861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.65.64.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579757/; classtype:trojan-activity;sid:81442857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.73.251.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579759/; classtype:trojan-activity;sid:81442859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"39.73.47.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579758/; classtype:trojan-activity;sid:81442858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.74.105.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579756/; classtype:trojan-activity;sid:81442856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.74.172.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579755/; classtype:trojan-activity;sid:81442855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.74.238.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579760/; classtype:trojan-activity;sid:81442860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.87.251"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579753/; classtype:trojan-activity;sid:81442853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.9.219"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579752/; classtype:trojan-activity;sid:81442852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.94.166"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579751/; classtype:trojan-activity;sid:81442851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.82.56"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579750/; classtype:trojan-activity;sid:81442850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.82.228"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579749/; classtype:trojan-activity;sid:81442849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.48.215"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579748/; classtype:trojan-activity;sid:81442848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.43.80"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579747/; classtype:trojan-activity;sid:81442847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.80.190"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579746/; classtype:trojan-activity;sid:81442846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.48.40"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579745/; classtype:trojan-activity;sid:81442845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.24.43"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579744/; classtype:trojan-activity;sid:81442844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.29.144"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579743/; classtype:trojan-activity;sid:81442843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.23.16"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579742/; classtype:trojan-activity;sid:81442842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.228.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579741/; classtype:trojan-activity;sid:81442841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.199.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579740/; classtype:trojan-activity;sid:81442840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.182.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579739/; classtype:trojan-activity;sid:81442839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.189.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579738/; classtype:trojan-activity;sid:81442838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.182.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579737/; classtype:trojan-activity;sid:81442837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.178.159"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579736/; classtype:trojan-activity;sid:81442836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.175.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579735/; classtype:trojan-activity;sid:81442835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.174.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579734/; classtype:trojan-activity;sid:81442834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.171.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579733/; classtype:trojan-activity;sid:81442833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.171.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579732/; classtype:trojan-activity;sid:81442832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.174.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579731/; classtype:trojan-activity;sid:81442831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.173.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579730/; classtype:trojan-activity;sid:81442830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.165.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579729/; classtype:trojan-activity;sid:81442829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.162.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579728/; classtype:trojan-activity;sid:81442828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.163.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579727/; classtype:trojan-activity;sid:81442827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.160.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579726/; classtype:trojan-activity;sid:81442826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.159.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579725/; classtype:trojan-activity;sid:81442825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.157.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579724/; classtype:trojan-activity;sid:81442824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.158.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579723/; classtype:trojan-activity;sid:81442823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.145.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579722/; classtype:trojan-activity;sid:81442822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.135.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579721/; classtype:trojan-activity;sid:81442821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.111.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579720/; classtype:trojan-activity;sid:81442820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.111.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579719/; classtype:trojan-activity;sid:81442819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.107.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579718/; classtype:trojan-activity;sid:81442818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.92.59"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579717/; classtype:trojan-activity;sid:81442817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.93.239"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579716/; classtype:trojan-activity;sid:81442816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.95.71"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579715/; classtype:trojan-activity;sid:81442815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.103.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579714/; classtype:trojan-activity;sid:81442814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.76.68"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579713/; classtype:trojan-activity;sid:81442813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.78.128"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579712/; classtype:trojan-activity;sid:81442812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.76.68"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579711/; classtype:trojan-activity;sid:81442811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.89.169"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579710/; classtype:trojan-activity;sid:81442810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.92.59"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579709/; classtype:trojan-activity;sid:81442809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.76.135"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579708/; classtype:trojan-activity;sid:81442808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.55.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579707/; classtype:trojan-activity;sid:81442807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.52.193"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579706/; classtype:trojan-activity;sid:81442806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.53.64"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579705/; classtype:trojan-activity;sid:81442805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.4.74"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579704/; classtype:trojan-activity;sid:81442804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.31.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579703/; classtype:trojan-activity;sid:81442803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.244.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579702/; classtype:trojan-activity;sid:81442802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.244.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579700/; classtype:trojan-activity;sid:81442800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.246.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579701/; classtype:trojan-activity;sid:81442801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.241.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579699/; classtype:trojan-activity;sid:81442799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.206.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579698/; classtype:trojan-activity;sid:81442798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.241.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579697/; classtype:trojan-activity;sid:81442797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579696)"; flow:established,from_client; content:"GET"; http_method; content:"/bibqcr9/e/"; http_uri; depth:11; isdataat:!1,relative; content:"blog.workshots.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579696/; classtype:trojan-activity;sid:81442796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.200.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579695/; classtype:trojan-activity;sid:81442795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.199.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579694/; classtype:trojan-activity;sid:81442794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.205.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579693/; classtype:trojan-activity;sid:81442793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.205.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579692/; classtype:trojan-activity;sid:81442792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.205.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579691/; classtype:trojan-activity;sid:81442791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.197.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579690/; classtype:trojan-activity;sid:81442790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.185.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579689/; classtype:trojan-activity;sid:81442789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.184.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579688/; classtype:trojan-activity;sid:81442788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.172.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579687/; classtype:trojan-activity;sid:81442787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.182.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579686/; classtype:trojan-activity;sid:81442786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.185.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579685/; classtype:trojan-activity;sid:81442785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.186.156"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579684/; classtype:trojan-activity;sid:81442784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.167.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579683/; classtype:trojan-activity;sid:81442783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.165.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579682/; classtype:trojan-activity;sid:81442782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.159.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579681/; classtype:trojan-activity;sid:81442781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.154.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579680/; classtype:trojan-activity;sid:81442780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.145.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579679/; classtype:trojan-activity;sid:81442779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.145.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579678/; classtype:trojan-activity;sid:81442778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.135.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579677/; classtype:trojan-activity;sid:81442777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.12.180"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579676/; classtype:trojan-activity;sid:81442776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.120.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579675/; classtype:trojan-activity;sid:81442775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.111.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579674/; classtype:trojan-activity;sid:81442774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.44.88"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579673/; classtype:trojan-activity;sid:81442773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.44.76"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579672/; classtype:trojan-activity;sid:81442772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.45.27"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579671/; classtype:trojan-activity;sid:81442771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.42.80"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579670/; classtype:trojan-activity;sid:81442770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.43.58"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579669/; classtype:trojan-activity;sid:81442769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.36.173"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579668/; classtype:trojan-activity;sid:81442768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.34.95"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579666/; classtype:trojan-activity;sid:81442766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.36.155"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579667/; classtype:trojan-activity;sid:81442767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.25.25"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579665/; classtype:trojan-activity;sid:81442765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.25.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579664/; classtype:trojan-activity;sid:81442764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.30.197"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579663/; classtype:trojan-activity;sid:81442763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.29.21"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579662/; classtype:trojan-activity;sid:81442762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.24.117"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579661/; classtype:trojan-activity;sid:81442761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.22.140"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579659/; classtype:trojan-activity;sid:81442759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.24.105"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579660/; classtype:trojan-activity;sid:81442760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.20.170"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579658/; classtype:trojan-activity;sid:81442758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.21.224"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579657/; classtype:trojan-activity;sid:81442757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.17.219"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579656/; classtype:trojan-activity;sid:81442756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.16.16"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579655/; classtype:trojan-activity;sid:81442755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.18.194"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579654/; classtype:trojan-activity;sid:81442754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.5.19.79"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579653/; classtype:trojan-activity;sid:81442753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.4.172.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579652/; classtype:trojan-activity;sid:81442752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.4.169.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579651/; classtype:trojan-activity;sid:81442751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.223.44.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579650/; classtype:trojan-activity;sid:81442750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.219.64.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579643/; classtype:trojan-activity;sid:81442743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.220.82.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579645/; classtype:trojan-activity;sid:81442745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.220.95.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579646/; classtype:trojan-activity;sid:81442746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.222.242.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579648/; classtype:trojan-activity;sid:81442748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.223.147.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579644/; classtype:trojan-activity;sid:81442744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.223.162.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579647/; classtype:trojan-activity;sid:81442747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.223.217.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579641/; classtype:trojan-activity;sid:81442741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.223.220.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579642/; classtype:trojan-activity;sid:81442742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.4.168.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579649/; classtype:trojan-activity;sid:81442749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.216.185.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579639/; classtype:trojan-activity;sid:81442739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.217.214.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579640/; classtype:trojan-activity;sid:81442740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.216.234.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579638/; classtype:trojan-activity;sid:81442738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.217.20.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579636/; classtype:trojan-activity;sid:81442736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.219.2.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579637/; classtype:trojan-activity;sid:81442737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.217.214.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579634/; classtype:trojan-activity;sid:81442734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.217.240.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579633/; classtype:trojan-activity;sid:81442733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.217.8.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579635/; classtype:trojan-activity;sid:81442735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.219.179.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579632/; classtype:trojan-activity;sid:81442732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.216.214.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579631/; classtype:trojan-activity;sid:81442731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.217.103.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579629/; classtype:trojan-activity;sid:81442729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.217.160.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579630/; classtype:trojan-activity;sid:81442730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.217.51.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579628/; classtype:trojan-activity;sid:81442728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.219.153.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579627/; classtype:trojan-activity;sid:81442727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.219.28.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579626/; classtype:trojan-activity;sid:81442726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.215.81.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579625/; classtype:trojan-activity;sid:81442725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.210.21.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579623/; classtype:trojan-activity;sid:81442723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.210.88.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579621/; classtype:trojan-activity;sid:81442721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.213.124.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579620/; classtype:trojan-activity;sid:81442720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.215.102.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579624/; classtype:trojan-activity;sid:81442724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.215.49.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579622/; classtype:trojan-activity;sid:81442722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.210.211.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579619/; classtype:trojan-activity;sid:81442719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.211.42.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579618/; classtype:trojan-activity;sid:81442718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.211.60.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579617/; classtype:trojan-activity;sid:81442717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.213.148.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579611/; classtype:trojan-activity;sid:81442711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.213.69.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579614/; classtype:trojan-activity;sid:81442714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.213.89.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579616/; classtype:trojan-activity;sid:81442716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.213.97.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579613/; classtype:trojan-activity;sid:81442713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.215.140.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579615/; classtype:trojan-activity;sid:81442715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.215.217.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579610/; classtype:trojan-activity;sid:81442710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.215.232.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579612/; classtype:trojan-activity;sid:81442712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.207.77.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579609/; classtype:trojan-activity;sid:81442709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.209.8.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579608/; classtype:trojan-activity;sid:81442708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579607/; classtype:trojan-activity;sid:81442707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.67.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579603/; classtype:trojan-activity;sid:81442703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.74.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579601/; classtype:trojan-activity;sid:81442701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.76.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579606/; classtype:trojan-activity;sid:81442706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.206.243.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579605/; classtype:trojan-activity;sid:81442705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.206.84.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579604/; classtype:trojan-activity;sid:81442704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.207.140.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579602/; classtype:trojan-activity;sid:81442702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.207.202.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579599/; classtype:trojan-activity;sid:81442699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.207.214.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579600/; classtype:trojan-activity;sid:81442700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.206.87.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579598/; classtype:trojan-activity;sid:81442698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.12.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579596/; classtype:trojan-activity;sid:81442696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.185.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579597/; classtype:trojan-activity;sid:81442697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.194.252.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579593/; classtype:trojan-activity;sid:81442693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.0.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579594/; classtype:trojan-activity;sid:81442694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.170.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579595/; classtype:trojan-activity;sid:81442695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.194.247.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579592/; classtype:trojan-activity;sid:81442692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.194.149.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579586/; classtype:trojan-activity;sid:81442686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"27.194.155.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579584/; classtype:trojan-activity;sid:81442684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.194.7.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579590/; classtype:trojan-activity;sid:81442690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.194.75.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579588/; classtype:trojan-activity;sid:81442688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.194.9.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579589/; classtype:trojan-activity;sid:81442689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.0.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579585/; classtype:trojan-activity;sid:81442685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.121.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579583/; classtype:trojan-activity;sid:81442683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.14.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579587/; classtype:trojan-activity;sid:81442687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.202.200.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579591/; classtype:trojan-activity;sid:81442691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"24.152.75.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579582/; classtype:trojan-activity;sid:81442682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.193.97.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579581/; classtype:trojan-activity;sid:81442681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"222.141.79.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579579/; classtype:trojan-activity;sid:81442679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.141.90.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579580/; classtype:trojan-activity;sid:81442680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.142.210.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579578/; classtype:trojan-activity;sid:81442678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.193.154.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579577/; classtype:trojan-activity;sid:81442677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.142.222.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579574/; classtype:trojan-activity;sid:81442674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.142.73.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579575/; classtype:trojan-activity;sid:81442675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.193.116.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579576/; classtype:trojan-activity;sid:81442676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.193.124.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579573/; classtype:trojan-activity;sid:81442673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.193.86.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579572/; classtype:trojan-activity;sid:81442672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.140.188.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579571/; classtype:trojan-activity;sid:81442671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579570)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.141.150.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579570/; classtype:trojan-activity;sid:81442670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.174.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579569/; classtype:trojan-activity;sid:81442669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.141.47.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579568/; classtype:trojan-activity;sid:81442668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579566)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.203.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579566/; classtype:trojan-activity;sid:81442666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.96.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579564/; classtype:trojan-activity;sid:81442664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.111.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579562/; classtype:trojan-activity;sid:81442662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.12.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579561/; classtype:trojan-activity;sid:81442661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.63.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579567/; classtype:trojan-activity;sid:81442667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.141.116.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579565/; classtype:trojan-activity;sid:81442665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"222.141.169.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579563/; classtype:trojan-activity;sid:81442663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.122.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579559/; classtype:trojan-activity;sid:81442659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.143.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579560/; classtype:trojan-activity;sid:81442660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.21.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579558/; classtype:trojan-activity;sid:81442658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.239.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579557/; classtype:trojan-activity;sid:81442657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.21.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579556/; classtype:trojan-activity;sid:81442656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.9.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579555/; classtype:trojan-activity;sid:81442655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.142.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579553/; classtype:trojan-activity;sid:81442653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.2.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579551/; classtype:trojan-activity;sid:81442651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.2.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579548/; classtype:trojan-activity;sid:81442648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.239.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579550/; classtype:trojan-activity;sid:81442650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.52.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579552/; classtype:trojan-activity;sid:81442652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.101.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579546/; classtype:trojan-activity;sid:81442646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.103.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579549/; classtype:trojan-activity;sid:81442649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.118.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579547/; classtype:trojan-activity;sid:81442647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.120.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579554/; classtype:trojan-activity;sid:81442654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.235.140.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579545/; classtype:trojan-activity;sid:81442645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.192.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579542/; classtype:trojan-activity;sid:81442642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.226.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579544/; classtype:trojan-activity;sid:81442644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.255.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579543/; classtype:trojan-activity;sid:81442643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.122.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579541/; classtype:trojan-activity;sid:81442641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.164.141.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579540/; classtype:trojan-activity;sid:81442640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.215.208.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579539/; classtype:trojan-activity;sid:81442639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.55.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579531/; classtype:trojan-activity;sid:81442631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.7.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579533/; classtype:trojan-activity;sid:81442633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.85.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579536/; classtype:trojan-activity;sid:81442636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"221.203.86.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579534/; classtype:trojan-activity;sid:81442634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.215.215.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579532/; classtype:trojan-activity;sid:81442632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.215.52.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579537/; classtype:trojan-activity;sid:81442637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.134.173.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579538/; classtype:trojan-activity;sid:81442638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.134.30.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579535/; classtype:trojan-activity;sid:81442635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.125.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579530/; classtype:trojan-activity;sid:81442630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.242.103.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579529/; classtype:trojan-activity;sid:81442629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.212.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579527/; classtype:trojan-activity;sid:81442627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.207.202.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579528/; classtype:trojan-activity;sid:81442628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.189.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579526/; classtype:trojan-activity;sid:81442626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.1.154.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579525/; classtype:trojan-activity;sid:81442625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"219.157.51.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579524/; classtype:trojan-activity;sid:81442624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.175.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579523/; classtype:trojan-activity;sid:81442623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.115.181.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579521/; classtype:trojan-activity;sid:81442621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.211.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579520/; classtype:trojan-activity;sid:81442620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.87.107"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579522/; classtype:trojan-activity;sid:81442622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.209.204.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579519/; classtype:trojan-activity;sid:81442619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.79.45.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579518/; classtype:trojan-activity;sid:81442618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.157.31.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579516/; classtype:trojan-activity;sid:81442616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.6.168.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579517/; classtype:trojan-activity;sid:81442617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.155.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579514/; classtype:trojan-activity;sid:81442614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.7.122.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579515/; classtype:trojan-activity;sid:81442615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.0.137.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579513/; classtype:trojan-activity;sid:81442613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.157.60.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579512/; classtype:trojan-activity;sid:81442612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.1.159.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579511/; classtype:trojan-activity;sid:81442611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.0.119.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579510/; classtype:trojan-activity;sid:81442610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.0.125.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579508/; classtype:trojan-activity;sid:81442608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.122.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579509/; classtype:trojan-activity;sid:81442609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.59.123.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579507/; classtype:trojan-activity;sid:81442607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.157.58.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579506/; classtype:trojan-activity;sid:81442606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.233.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579505/; classtype:trojan-activity;sid:81442605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.157.26.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579504/; classtype:trojan-activity;sid:81442604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"221.14.164.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579502/; classtype:trojan-activity;sid:81442602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.228.127.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579503/; classtype:trojan-activity;sid:81442603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.111.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579501/; classtype:trojan-activity;sid:81442601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.156.18.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579498/; classtype:trojan-activity;sid:81442598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.156.9.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579500/; classtype:trojan-activity;sid:81442600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.157.26.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579499/; classtype:trojan-activity;sid:81442599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"219.156.94.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579497/; classtype:trojan-activity;sid:81442597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.157.201.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579496/; classtype:trojan-activity;sid:81442596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.246.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579491/; classtype:trojan-activity;sid:81442591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.25.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579493/; classtype:trojan-activity;sid:81442593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.29.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579495/; classtype:trojan-activity;sid:81442595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.156.64.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579494/; classtype:trojan-activity;sid:81442594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.156.92.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579489/; classtype:trojan-activity;sid:81442589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.157.207.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579488/; classtype:trojan-activity;sid:81442588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"219.157.218.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579490/; classtype:trojan-activity;sid:81442590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.157.248.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579492/; classtype:trojan-activity;sid:81442592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.157.25.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579487/; classtype:trojan-activity;sid:81442587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579486)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.157.181.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579486/; classtype:trojan-activity;sid:81442586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.56.76.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579484/; classtype:trojan-activity;sid:81442584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579485)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.154.109.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579485/; classtype:trojan-activity;sid:81442585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.154.125.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579483/; classtype:trojan-activity;sid:81442583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.213.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579482/; classtype:trojan-activity;sid:81442582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.104.175.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579481/; classtype:trojan-activity;sid:81442581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.67.219.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579479/; classtype:trojan-activity;sid:81442579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.224.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579480/; classtype:trojan-activity;sid:81442580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579472)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"218.56.242.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579472/; classtype:trojan-activity;sid:81442572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579473)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.57.49.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579473/; classtype:trojan-activity;sid:81442573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"218.58.146.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579474/; classtype:trojan-activity;sid:81442574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"218.59.25.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579478/; classtype:trojan-activity;sid:81442578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.154.109.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579476/; classtype:trojan-activity;sid:81442576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"219.154.141.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579475/; classtype:trojan-activity;sid:81442575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.14.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579477/; classtype:trojan-activity;sid:81442577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"203.212.242.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579471/; classtype:trojan-activity;sid:81442571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"210.18.153.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579470/; classtype:trojan-activity;sid:81442570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"210.18.153.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579469/; classtype:trojan-activity;sid:81442569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"210.18.153.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579468/; classtype:trojan-activity;sid:81442568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"211.244.200.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579467/; classtype:trojan-activity;sid:81442567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579466)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"203.212.242.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579466/; classtype:trojan-activity;sid:81442566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"209.150.243.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579465/; classtype:trojan-activity;sid:81442565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"217.14.5.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579464/; classtype:trojan-activity;sid:81442564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"203.212.205.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579463/; classtype:trojan-activity;sid:81442563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"203.212.220.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579462/; classtype:trojan-activity;sid:81442562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579461)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"203.212.230.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579461/; classtype:trojan-activity;sid:81442561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"203.212.204.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579459/; classtype:trojan-activity;sid:81442559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"203.212.237.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579460/; classtype:trojan-activity;sid:81442560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"203.212.229.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579458/; classtype:trojan-activity;sid:81442558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"203.212.239.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579457/; classtype:trojan-activity;sid:81442557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"203.163.235.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579456/; classtype:trojan-activity;sid:81442556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"203.163.234.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579455/; classtype:trojan-activity;sid:81442555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"203.163.238.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579454/; classtype:trojan-activity;sid:81442554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"203.163.234.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579453/; classtype:trojan-activity;sid:81442553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"202.88.218.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579452/; classtype:trojan-activity;sid:81442552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"202.88.138.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579451/; classtype:trojan-activity;sid:81442551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"202.88.218.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579450/; classtype:trojan-activity;sid:81442550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"202.88.220.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579449/; classtype:trojan-activity;sid:81442549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"203.163.234.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579448/; classtype:trojan-activity;sid:81442548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579447)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"202.88.220.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579447/; classtype:trojan-activity;sid:81442547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579446)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"202.83.37.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579446/; classtype:trojan-activity;sid:81442546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"202.83.37.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579445/; classtype:trojan-activity;sid:81442545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579444)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"200.123.232.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579444/; classtype:trojan-activity;sid:81442544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579442)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"200.123.234.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579442/; classtype:trojan-activity;sid:81442542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579443)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"201.182.91.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579443/; classtype:trojan-activity;sid:81442543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"200.123.232.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579441/; classtype:trojan-activity;sid:81442541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"201.237.236.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579439/; classtype:trojan-activity;sid:81442539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"201.244.212.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579440/; classtype:trojan-activity;sid:81442540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579436)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"201.244.213.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579436/; classtype:trojan-activity;sid:81442536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"202.110.76.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579437/; classtype:trojan-activity;sid:81442537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579438)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"202.164.150.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579438/; classtype:trojan-activity;sid:81442538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579435)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"190.26.143.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579435/; classtype:trojan-activity;sid:81442535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"190.24.67.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579434/; classtype:trojan-activity;sid:81442534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"190.26.142.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579433/; classtype:trojan-activity;sid:81442533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"190.27.163.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579432/; classtype:trojan-activity;sid:81442532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"186.31.20.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579430/; classtype:trojan-activity;sid:81442530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579431)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"190.24.66.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579431/; classtype:trojan-activity;sid:81442531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"186.154.9.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579428/; classtype:trojan-activity;sid:81442528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579429)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"186.155.21.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579429/; classtype:trojan-activity;sid:81442529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"186.28.126.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579425/; classtype:trojan-activity;sid:81442525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579427)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"186.29.61.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579427/; classtype:trojan-activity;sid:81442527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"186.30.148.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579426/; classtype:trojan-activity;sid:81442526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"186.30.19.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579424/; classtype:trojan-activity;sid:81442524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.59.67.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579423/; classtype:trojan-activity;sid:81442523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.59.64.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579422/; classtype:trojan-activity;sid:81442522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.59.213.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579421/; classtype:trojan-activity;sid:81442521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.59.208.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579420/; classtype:trojan-activity;sid:81442520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.59.207.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579419/; classtype:trojan-activity;sid:81442519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.59.181.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579418/; classtype:trojan-activity;sid:81442518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.59.168.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579417/; classtype:trojan-activity;sid:81442517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.58.217.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579416/; classtype:trojan-activity;sid:81442516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.58.216.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579415/; classtype:trojan-activity;sid:81442515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.57.163.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579414/; classtype:trojan-activity;sid:81442514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.59.102.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579413/; classtype:trojan-activity;sid:81442513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.56.226.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579412/; classtype:trojan-activity;sid:81442512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.56.55.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579411/; classtype:trojan-activity;sid:81442511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.222.195.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579409/; classtype:trojan-activity;sid:81442509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.56.116.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579410/; classtype:trojan-activity;sid:81442510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.192.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579405/; classtype:trojan-activity;sid:81442505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.90.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579404/; classtype:trojan-activity;sid:81442504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.136.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579406/; classtype:trojan-activity;sid:81442506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.175.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579407/; classtype:trojan-activity;sid:81442507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.42.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579408/; classtype:trojan-activity;sid:81442508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.89.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579403/; classtype:trojan-activity;sid:81442503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.52.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579402/; classtype:trojan-activity;sid:81442502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.84.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579399/; classtype:trojan-activity;sid:81442499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.9.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579400/; classtype:trojan-activity;sid:81442500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579393)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.97.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579393/; classtype:trojan-activity;sid:81442493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.122.222.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579392/; classtype:trojan-activity;sid:81442492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.123.209.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579398/; classtype:trojan-activity;sid:81442498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.124.130.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579401/; classtype:trojan-activity;sid:81442501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579395)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.124.161.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579395/; classtype:trojan-activity;sid:81442495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.124.79.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579394/; classtype:trojan-activity;sid:81442494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579397)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.113.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579397/; classtype:trojan-activity;sid:81442497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.121.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579396/; classtype:trojan-activity;sid:81442496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.29.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579391/; classtype:trojan-activity;sid:81442491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.120.65.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579383/; classtype:trojan-activity;sid:81442483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.11.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579384/; classtype:trojan-activity;sid:81442484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579390)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.120.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579390/; classtype:trojan-activity;sid:81442490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.127.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579382/; classtype:trojan-activity;sid:81442482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579385)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.129.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579385/; classtype:trojan-activity;sid:81442485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.157.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579389/; classtype:trojan-activity;sid:81442489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579387)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.202.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579387/; classtype:trojan-activity;sid:81442487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.25.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579386/; classtype:trojan-activity;sid:81442486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.29.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579388/; classtype:trojan-activity;sid:81442488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.212.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579381/; classtype:trojan-activity;sid:81442481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.120.14.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579379/; classtype:trojan-activity;sid:81442479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579380)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.120.36.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579380/; classtype:trojan-activity;sid:81442480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579378/; classtype:trojan-activity;sid:81442478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.94.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579376/; classtype:trojan-activity;sid:81442476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579371)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.119.164.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579371/; classtype:trojan-activity;sid:81442471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579372)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.119.207.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579372/; classtype:trojan-activity;sid:81442472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.119.229.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579373/; classtype:trojan-activity;sid:81442473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.119.49.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579374/; classtype:trojan-activity;sid:81442474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.120.16.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579377/; classtype:trojan-activity;sid:81442477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.120.245.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579375/; classtype:trojan-activity;sid:81442475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.68.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579370/; classtype:trojan-activity;sid:81442470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.108.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579367/; classtype:trojan-activity;sid:81442467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.24.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579369/; classtype:trojan-activity;sid:81442469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.66.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579366/; classtype:trojan-activity;sid:81442466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.76.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579368/; classtype:trojan-activity;sid:81442468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.79.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579363/; classtype:trojan-activity;sid:81442463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.11.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579362/; classtype:trojan-activity;sid:81442462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.25.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579360/; classtype:trojan-activity;sid:81442460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.3.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579365/; classtype:trojan-activity;sid:81442465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.31.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579364/; classtype:trojan-activity;sid:81442464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.64.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579361/; classtype:trojan-activity;sid:81442461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.86.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579355/; classtype:trojan-activity;sid:81442455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579352)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.115.164.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579352/; classtype:trojan-activity;sid:81442452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579354)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.115.164.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579354/; classtype:trojan-activity;sid:81442454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.105.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579357/; classtype:trojan-activity;sid:81442457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579356)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.108.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579356/; classtype:trojan-activity;sid:81442456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.110.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579359/; classtype:trojan-activity;sid:81442459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579353)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.117.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579353/; classtype:trojan-activity;sid:81442453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.66.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579358/; classtype:trojan-activity;sid:81442458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.115.180.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579350/; classtype:trojan-activity;sid:81442450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.69.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579351/; classtype:trojan-activity;sid:81442451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579349)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.31.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579349/; classtype:trojan-activity;sid:81442449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.202.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579341/; classtype:trojan-activity;sid:81442441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.206.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579348/; classtype:trojan-activity;sid:81442448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.209.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579347/; classtype:trojan-activity;sid:81442447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.210.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579342/; classtype:trojan-activity;sid:81442442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.211.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579344/; classtype:trojan-activity;sid:81442444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.9.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579345/; classtype:trojan-activity;sid:81442445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.125.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579343/; classtype:trojan-activity;sid:81442443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.81.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579346/; classtype:trojan-activity;sid:81442446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"178.134.185.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579340/; classtype:trojan-activity;sid:81442440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"179.42.105.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579339/; classtype:trojan-activity;sid:81442439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"180.104.9.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579337/; classtype:trojan-activity;sid:81442437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.16.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579336/; classtype:trojan-activity;sid:81442436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.213.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579335/; classtype:trojan-activity;sid:81442435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579332)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.48.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579332/; classtype:trojan-activity;sid:81442432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579334)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.50.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579334/; classtype:trojan-activity;sid:81442434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579333)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.61.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579333/; classtype:trojan-activity;sid:81442433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.97.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579338/; classtype:trojan-activity;sid:81442438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579329/; classtype:trojan-activity;sid:81442429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579330)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579330/; classtype:trojan-activity;sid:81442430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579331/; classtype:trojan-activity;sid:81442431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"171.123.109.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579328/; classtype:trojan-activity;sid:81442428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"149.3.85.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579327/; classtype:trojan-activity;sid:81442427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"163.53.252.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579326/; classtype:trojan-activity;sid:81442426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"160.179.133.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579325/; classtype:trojan-activity;sid:81442425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.99.246.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579324/; classtype:trojan-activity;sid:81442424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"14.155.16.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579323/; classtype:trojan-activity;sid:81442423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.99.241.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579322/; classtype:trojan-activity;sid:81442422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.99.237.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579320/; classtype:trojan-activity;sid:81442420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.99.243.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579321/; classtype:trojan-activity;sid:81442421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.99.243.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579319/; classtype:trojan-activity;sid:81442419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.99.229.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579318/; classtype:trojan-activity;sid:81442418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.99.228.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579317/; classtype:trojan-activity;sid:81442417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.99.231.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579316/; classtype:trojan-activity;sid:81442416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.99.146.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579315/; classtype:trojan-activity;sid:81442415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.99.206.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579314/; classtype:trojan-activity;sid:81442414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.47.245.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579313/; classtype:trojan-activity;sid:81442413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.47.240.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579312/; classtype:trojan-activity;sid:81442412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.47.203.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579311/; classtype:trojan-activity;sid:81442411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.47.242.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579310/; classtype:trojan-activity;sid:81442410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.46.243.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579306/; classtype:trojan-activity;sid:81442406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.47.124.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579305/; classtype:trojan-activity;sid:81442405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.47.172.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579307/; classtype:trojan-activity;sid:81442407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.47.242.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579303/; classtype:trojan-activity;sid:81442403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.47.243.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579309/; classtype:trojan-activity;sid:81442409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.47.51.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579308/; classtype:trojan-activity;sid:81442408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.47.87.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579304/; classtype:trojan-activity;sid:81442404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.43.89.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579301/; classtype:trojan-activity;sid:81442401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.45.176.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579302/; classtype:trojan-activity;sid:81442402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.45.41.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579300/; classtype:trojan-activity;sid:81442400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.46.197.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579299/; classtype:trojan-activity;sid:81442399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.44.10.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579291/; classtype:trojan-activity;sid:81442391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.44.207.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579295/; classtype:trojan-activity;sid:81442395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.44.213.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579293/; classtype:trojan-activity;sid:81442393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.44.218.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579292/; classtype:trojan-activity;sid:81442392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.45.185.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579290/; classtype:trojan-activity;sid:81442390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.45.58.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579294/; classtype:trojan-activity;sid:81442394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.45.63.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579296/; classtype:trojan-activity;sid:81442396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.45.90.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579298/; classtype:trojan-activity;sid:81442398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.46.167.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579297/; classtype:trojan-activity;sid:81442397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.46.206.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579289/; classtype:trojan-activity;sid:81442389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.73.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579288/; classtype:trojan-activity;sid:81442388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.72.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579286/; classtype:trojan-activity;sid:81442386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.122.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579287/; classtype:trojan-activity;sid:81442387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.210.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579283/; classtype:trojan-activity;sid:81442383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.3.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579284/; classtype:trojan-activity;sid:81442384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.73.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579278/; classtype:trojan-activity;sid:81442378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579282/; classtype:trojan-activity;sid:81442382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.9.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579285/; classtype:trojan-activity;sid:81442385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.120.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579281/; classtype:trojan-activity;sid:81442381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.127.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579280/; classtype:trojan-activity;sid:81442380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.96.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579279/; classtype:trojan-activity;sid:81442379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.125.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579276/; classtype:trojan-activity;sid:81442376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.96.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579277/; classtype:trojan-activity;sid:81442377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.36.47.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579275/; classtype:trojan-activity;sid:81442375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.167.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579274/; classtype:trojan-activity;sid:81442374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.40.112.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579272/; classtype:trojan-activity;sid:81442372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579273)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.151.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579273/; classtype:trojan-activity;sid:81442373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579270)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.40.122.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579270/; classtype:trojan-activity;sid:81442370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.40.144.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579262/; classtype:trojan-activity;sid:81442362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.40.147.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579266/; classtype:trojan-activity;sid:81442366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.40.25.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579263/; classtype:trojan-activity;sid:81442363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.10.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579269/; classtype:trojan-activity;sid:81442369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.11.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579265/; classtype:trojan-activity;sid:81442365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.137.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579267/; classtype:trojan-activity;sid:81442367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.139.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579268/; classtype:trojan-activity;sid:81442368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.148.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579264/; classtype:trojan-activity;sid:81442364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.182.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579271/; classtype:trojan-activity;sid:81442371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"124.131.34.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579259/; classtype:trojan-activity;sid:81442359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.133.141.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579260/; classtype:trojan-activity;sid:81442360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.135.178.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579261/; classtype:trojan-activity;sid:81442361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"124.131.117.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579257/; classtype:trojan-activity;sid:81442357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"124.131.43.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579258/; classtype:trojan-activity;sid:81442358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.131.130.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579255/; classtype:trojan-activity;sid:81442355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.131.133.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579256/; classtype:trojan-activity;sid:81442356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.131.137.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579254/; classtype:trojan-activity;sid:81442354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.131.145.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579253/; classtype:trojan-activity;sid:81442353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.8.60.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579252/; classtype:trojan-activity;sid:81442352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.9.193.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579251/; classtype:trojan-activity;sid:81442351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.9.63.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579250/; classtype:trojan-activity;sid:81442350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.94.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579249/; classtype:trojan-activity;sid:81442349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.8.19.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579248/; classtype:trojan-activity;sid:81442348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.8.248.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579246/; classtype:trojan-activity;sid:81442346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"124.128.147.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579244/; classtype:trojan-activity;sid:81442344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.129.118.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579247/; classtype:trojan-activity;sid:81442347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"124.129.247.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579245/; classtype:trojan-activity;sid:81442345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.235.15.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579243/; classtype:trojan-activity;sid:81442343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.93.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579242/; classtype:trojan-activity;sid:81442342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.91.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579241/; classtype:trojan-activity;sid:81442341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579238)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.235.126.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579238/; classtype:trojan-activity;sid:81442338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.235.193.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579240/; classtype:trojan-activity;sid:81442340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"123.235.219.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579233/; classtype:trojan-activity;sid:81442333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579232)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"123.235.235.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579232/; classtype:trojan-activity;sid:81442332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.160.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579236/; classtype:trojan-activity;sid:81442336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579237)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.198.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579237/; classtype:trojan-activity;sid:81442337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579239)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.246.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579239/; classtype:trojan-activity;sid:81442339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.248.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579234/; classtype:trojan-activity;sid:81442334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.81.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579235/; classtype:trojan-activity;sid:81442335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579231)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.139.103.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579231/; classtype:trojan-activity;sid:81442331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.233.236.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579230/; classtype:trojan-activity;sid:81442330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.234.249.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579229/; classtype:trojan-activity;sid:81442329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579228)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.13.122.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579228/; classtype:trojan-activity;sid:81442328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"123.134.51.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579227/; classtype:trojan-activity;sid:81442327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.233.37.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579226/; classtype:trojan-activity;sid:81442326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579224)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.130.167.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579224/; classtype:trojan-activity;sid:81442324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.130.60.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579222/; classtype:trojan-activity;sid:81442322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579221)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.14.201.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579221/; classtype:trojan-activity;sid:81442321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579223)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.14.79.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579223/; classtype:trojan-activity;sid:81442323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"123.16.91.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579225/; classtype:trojan-activity;sid:81442325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"123.130.90.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579218/; classtype:trojan-activity;sid:81442318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.14.219.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579220/; classtype:trojan-activity;sid:81442320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579219)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"123.14.71.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579219/; classtype:trojan-activity;sid:81442319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.25.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579216/; classtype:trojan-activity;sid:81442316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.52.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579215/; classtype:trojan-activity;sid:81442315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.6.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579217/; classtype:trojan-activity;sid:81442317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"122.159.199.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579213/; classtype:trojan-activity;sid:81442313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.65.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579214/; classtype:trojan-activity;sid:81442314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"122.246.134.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579212/; classtype:trojan-activity;sid:81442312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"122.252.250.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579210/; classtype:trojan-activity;sid:81442310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.9.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579208/; classtype:trojan-activity;sid:81442308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.91.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579209/; classtype:trojan-activity;sid:81442309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"123.12.181.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579211/; classtype:trojan-activity;sid:81442311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.168.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579206/; classtype:trojan-activity;sid:81442306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579204)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.206.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579204/; classtype:trojan-activity;sid:81442304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"123.12.226.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579205/; classtype:trojan-activity;sid:81442305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.12.234.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579207/; classtype:trojan-activity;sid:81442307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579203)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"120.59.126.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579203/; classtype:trojan-activity;sid:81442303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.69.191.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579202/; classtype:trojan-activity;sid:81442302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.128.217.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579201/; classtype:trojan-activity;sid:81442301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579200)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.233.80.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579200/; classtype:trojan-activity;sid:81442300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.7.150.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579198/; classtype:trojan-activity;sid:81442298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.233.24.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579199/; classtype:trojan-activity;sid:81442299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.59.123.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579196/; classtype:trojan-activity;sid:81442296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"120.59.125.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579197/; classtype:trojan-activity;sid:81442297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.57.215.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579195/; classtype:trojan-activity;sid:81442295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.57.102.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579194/; classtype:trojan-activity;sid:81442294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.57.212.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579193/; classtype:trojan-activity;sid:81442293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.51.193.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579192/; classtype:trojan-activity;sid:81442292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.187.89.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579191/; classtype:trojan-activity;sid:81442291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.189.151.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579190/; classtype:trojan-activity;sid:81442290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579186)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.189.187.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579186/; classtype:trojan-activity;sid:81442286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.12.93.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579187/; classtype:trojan-activity;sid:81442287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"120.57.212.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579189/; classtype:trojan-activity;sid:81442289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579188)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.57.214.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579188/; classtype:trojan-activity;sid:81442288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.180.104.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579185/; classtype:trojan-activity;sid:81442285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.178.145.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579180/; classtype:trojan-activity;sid:81442280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"119.179.198.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579183/; classtype:trojan-activity;sid:81442283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.179.57.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579184/; classtype:trojan-activity;sid:81442284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"119.184.32.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579182/; classtype:trojan-activity;sid:81442282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.185.131.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579181/; classtype:trojan-activity;sid:81442281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.167.123.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579178/; classtype:trojan-activity;sid:81442278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.179.58.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579179/; classtype:trojan-activity;sid:81442279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.179.57.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579177/; classtype:trojan-activity;sid:81442277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"119.180.119.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579175/; classtype:trojan-activity;sid:81442275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"119.185.148.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579176/; classtype:trojan-activity;sid:81442276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"119.163.24.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579173/; classtype:trojan-activity;sid:81442273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.165.219.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579174/; classtype:trojan-activity;sid:81442274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"119.166.72.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579172/; classtype:trojan-activity;sid:81442272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"119.119.191.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579171/; classtype:trojan-activity;sid:81442271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.167.0.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579170/; classtype:trojan-activity;sid:81442270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"119.165.145.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579167/; classtype:trojan-activity;sid:81442267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.165.83.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579168/; classtype:trojan-activity;sid:81442268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579169)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"119.166.167.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579169/; classtype:trojan-activity;sid:81442269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.165.13.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579165/; classtype:trojan-activity;sid:81442265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.165.208.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579162/; classtype:trojan-activity;sid:81442262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"119.165.25.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579163/; classtype:trojan-activity;sid:81442263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.165.8.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579166/; classtype:trojan-activity;sid:81442266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.166.125.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579164/; classtype:trojan-activity;sid:81442264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.165.3.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579160/; classtype:trojan-activity;sid:81442260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"119.165.57.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579161/; classtype:trojan-activity;sid:81442261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.98.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579159/; classtype:trojan-activity;sid:81442259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"117.15.202.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579158/; classtype:trojan-activity;sid:81442258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.82.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579157/; classtype:trojan-activity;sid:81442257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579156)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579156/; classtype:trojan-activity;sid:81442256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.86.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579155/; classtype:trojan-activity;sid:81442255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.84.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579154/; classtype:trojan-activity;sid:81442254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.78.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579153/; classtype:trojan-activity;sid:81442253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.88.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579152/; classtype:trojan-activity;sid:81442252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.75.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579151/; classtype:trojan-activity;sid:81442251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.69.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579150/; classtype:trojan-activity;sid:81442250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579149)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.66.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579149/; classtype:trojan-activity;sid:81442249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.242.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579148/; classtype:trojan-activity;sid:81442248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.242.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579146/; classtype:trojan-activity;sid:81442246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579147)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.246.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579147/; classtype:trojan-activity;sid:81442247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.242.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579145/; classtype:trojan-activity;sid:81442245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.214.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579144/; classtype:trojan-activity;sid:81442244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.213.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579143/; classtype:trojan-activity;sid:81442243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.229.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579142/; classtype:trojan-activity;sid:81442242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.214.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579141/; classtype:trojan-activity;sid:81442241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.230.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579140/; classtype:trojan-activity;sid:81442240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.212.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579139/; classtype:trojan-activity;sid:81442239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.206.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579138/; classtype:trojan-activity;sid:81442238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.198.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579137/; classtype:trojan-activity;sid:81442237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.199.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579136/; classtype:trojan-activity;sid:81442236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.201.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579135/; classtype:trojan-activity;sid:81442235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.198.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579134/; classtype:trojan-activity;sid:81442234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.194.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579133/; classtype:trojan-activity;sid:81442233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.195.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579132/; classtype:trojan-activity;sid:81442232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.196.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579131/; classtype:trojan-activity;sid:81442231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.197.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579130/; classtype:trojan-activity;sid:81442230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.193.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579129/; classtype:trojan-activity;sid:81442229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.194.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579128/; classtype:trojan-activity;sid:81442228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.194.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579127/; classtype:trojan-activity;sid:81442227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.192.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579126/; classtype:trojan-activity;sid:81442226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.165.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579125/; classtype:trojan-activity;sid:81442225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.166.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579124/; classtype:trojan-activity;sid:81442224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.167.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579123/; classtype:trojan-activity;sid:81442223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.167.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579122/; classtype:trojan-activity;sid:81442222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579121)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.163.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579121/; classtype:trojan-activity;sid:81442221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.165.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579120/; classtype:trojan-activity;sid:81442220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.167.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579119/; classtype:trojan-activity;sid:81442219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.162.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579118/; classtype:trojan-activity;sid:81442218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.127.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579117/; classtype:trojan-activity;sid:81442217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.126.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579116/; classtype:trojan-activity;sid:81442216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.127.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579115/; classtype:trojan-activity;sid:81442215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.120.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579114/; classtype:trojan-activity;sid:81442214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.115.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579113/; classtype:trojan-activity;sid:81442213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.109.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579112/; classtype:trojan-activity;sid:81442212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579111)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"45.14.224.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579111/; classtype:trojan-activity;sid:81442211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579110)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; content:"45.14.224.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579110/; classtype:trojan-activity;sid:81442210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579104)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"45.14.224.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579104/; classtype:trojan-activity;sid:81442204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579106)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"45.14.224.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579106/; classtype:trojan-activity;sid:81442206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579105)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"45.14.224.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579105/; classtype:trojan-activity;sid:81442205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579107)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"45.14.224.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579107/; classtype:trojan-activity;sid:81442207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579103)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"45.14.224.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579103/; classtype:trojan-activity;sid:81442203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579101)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"45.14.224.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579101/; classtype:trojan-activity;sid:81442201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579102)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"45.14.224.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579102/; classtype:trojan-activity;sid:81442202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579100)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"45.14.224.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579100/; classtype:trojan-activity;sid:81442200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579109)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"45.14.224.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579109/; classtype:trojan-activity;sid:81442209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579108)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"45.14.224.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579108/; classtype:trojan-activity;sid:81442208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.82.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579099/; classtype:trojan-activity;sid:81442199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.79.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579098/; classtype:trojan-activity;sid:81442198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.103.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579097/; classtype:trojan-activity;sid:81442197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.88.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579096/; classtype:trojan-activity;sid:81442196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.93.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579095/; classtype:trojan-activity;sid:81442195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.88.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579094/; classtype:trojan-activity;sid:81442194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.82.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579092/; classtype:trojan-activity;sid:81442192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.75.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579093/; classtype:trojan-activity;sid:81442193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.58.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579091/; classtype:trojan-activity;sid:81442191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.77.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579090/; classtype:trojan-activity;sid:81442190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.59.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579089/; classtype:trojan-activity;sid:81442189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.58.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579088/; classtype:trojan-activity;sid:81442188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.58.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579087/; classtype:trojan-activity;sid:81442187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.75.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579086/; classtype:trojan-activity;sid:81442186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.20.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579085/; classtype:trojan-activity;sid:81442185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.23.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579084/; classtype:trojan-activity;sid:81442184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.22.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579083/; classtype:trojan-activity;sid:81442183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.21.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579082/; classtype:trojan-activity;sid:81442182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.242.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579081/; classtype:trojan-activity;sid:81442181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.18.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579080/; classtype:trojan-activity;sid:81442180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579079)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.134.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579079/; classtype:trojan-activity;sid:81442179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.133.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579078/; classtype:trojan-activity;sid:81442178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.135.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579077/; classtype:trojan-activity;sid:81442177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.134.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579076/; classtype:trojan-activity;sid:81442176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579075)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.134.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579075/; classtype:trojan-activity;sid:81442175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.137.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579074/; classtype:trojan-activity;sid:81442174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.108.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579073/; classtype:trojan-activity;sid:81442173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.135.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579072/; classtype:trojan-activity;sid:81442172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.74.135.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579071/; classtype:trojan-activity;sid:81442171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.73.95.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579070/; classtype:trojan-activity;sid:81442170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.73.92.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579069/; classtype:trojan-activity;sid:81442169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.73.63.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579068/; classtype:trojan-activity;sid:81442168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.73.59.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579067/; classtype:trojan-activity;sid:81442167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.73.59.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579066/; classtype:trojan-activity;sid:81442166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.73.69.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579065/; classtype:trojan-activity;sid:81442165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.86.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579063/; classtype:trojan-activity;sid:81442163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.73.209.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579064/; classtype:trojan-activity;sid:81442164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.86.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579061/; classtype:trojan-activity;sid:81442161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.86.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579062/; classtype:trojan-activity;sid:81442162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.248.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579059/; classtype:trojan-activity;sid:81442159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.27.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579060/; classtype:trojan-activity;sid:81442160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.252.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579058/; classtype:trojan-activity;sid:81442158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.83.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579057/; classtype:trojan-activity;sid:81442157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.39.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579056/; classtype:trojan-activity;sid:81442156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.57.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579055/; classtype:trojan-activity;sid:81442155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.202.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579054/; classtype:trojan-activity;sid:81442154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.201.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579053/; classtype:trojan-activity;sid:81442153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.198.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579052/; classtype:trojan-activity;sid:81442152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.201.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579051/; classtype:trojan-activity;sid:81442151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.195.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579050/; classtype:trojan-activity;sid:81442150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.201.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579049/; classtype:trojan-activity;sid:81442149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579048/; classtype:trojan-activity;sid:81442148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.92.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579047/; classtype:trojan-activity;sid:81442147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.95.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579045/; classtype:trojan-activity;sid:81442145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.96.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579046/; classtype:trojan-activity;sid:81442146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.92.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579041/; classtype:trojan-activity;sid:81442141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.95.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579042/; classtype:trojan-activity;sid:81442142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.96.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579043/; classtype:trojan-activity;sid:81442143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"116.72.110.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579044/; classtype:trojan-activity;sid:81442144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579040/; classtype:trojan-activity;sid:81442140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.81.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579039/; classtype:trojan-activity;sid:81442139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.84.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579038/; classtype:trojan-activity;sid:81442138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.87.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579037/; classtype:trojan-activity;sid:81442137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.85.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579036/; classtype:trojan-activity;sid:81442136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.91.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579035/; classtype:trojan-activity;sid:81442135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.76.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579034/; classtype:trojan-activity;sid:81442134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.80.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579033/; classtype:trojan-activity;sid:81442133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.77.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579032/; classtype:trojan-activity;sid:81442132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.79.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579031/; classtype:trojan-activity;sid:81442131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.69.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579030/; classtype:trojan-activity;sid:81442130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.30.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579029/; classtype:trojan-activity;sid:81442129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.30.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579028/; classtype:trojan-activity;sid:81442128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.29.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579027/; classtype:trojan-activity;sid:81442127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.31.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579026/; classtype:trojan-activity;sid:81442126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.28.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579024/; classtype:trojan-activity;sid:81442124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.28.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579025/; classtype:trojan-activity;sid:81442125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.254.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579023/; classtype:trojan-activity;sid:81442123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.240.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579022/; classtype:trojan-activity;sid:81442122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.246.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579020/; classtype:trojan-activity;sid:81442120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.246.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579021/; classtype:trojan-activity;sid:81442121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.239.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579019/; classtype:trojan-activity;sid:81442119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.218.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579018/; classtype:trojan-activity;sid:81442118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.191.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579017/; classtype:trojan-activity;sid:81442117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.197.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579016/; classtype:trojan-activity;sid:81442116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.181.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579015/; classtype:trojan-activity;sid:81442115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579014)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.183.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579014/; classtype:trojan-activity;sid:81442114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579013)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.180.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579013/; classtype:trojan-activity;sid:81442113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.174.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579012/; classtype:trojan-activity;sid:81442112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.163.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579011/; classtype:trojan-activity;sid:81442111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.167.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579010/; classtype:trojan-activity;sid:81442110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.165.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579009/; classtype:trojan-activity;sid:81442109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.162.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579008/; classtype:trojan-activity;sid:81442108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.151.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579007/; classtype:trojan-activity;sid:81442107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.148.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579006/; classtype:trojan-activity;sid:81442106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.149.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579005/; classtype:trojan-activity;sid:81442105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.143.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579004/; classtype:trojan-activity;sid:81442104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.148.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579003/; classtype:trojan-activity;sid:81442103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.13.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579002/; classtype:trojan-activity;sid:81442102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.136.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579001/; classtype:trojan-activity;sid:81442101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.13.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578999/; classtype:trojan-activity;sid:81442099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (579000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.13.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/579000/; classtype:trojan-activity;sid:81442100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.133.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578998/; classtype:trojan-activity;sid:81442098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578997)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.13.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578997/; classtype:trojan-activity;sid:81442097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.12.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578996/; classtype:trojan-activity;sid:81442096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.113.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578995/; classtype:trojan-activity;sid:81442095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.105.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578994/; classtype:trojan-activity;sid:81442094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.109.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578993/; classtype:trojan-activity;sid:81442093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.107.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578992/; classtype:trojan-activity;sid:81442092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.112.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578991/; classtype:trojan-activity;sid:81442091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.106.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578990/; classtype:trojan-activity;sid:81442090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.99.108.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578989/; classtype:trojan-activity;sid:81442089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.71.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578988/; classtype:trojan-activity;sid:81442088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.8.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578987/; classtype:trojan-activity;sid:81442087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.71.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578986/; classtype:trojan-activity;sid:81442086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.8.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578985/; classtype:trojan-activity;sid:81442085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.70.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578983/; classtype:trojan-activity;sid:81442083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.8.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578984/; classtype:trojan-activity;sid:81442084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.62.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578982/; classtype:trojan-activity;sid:81442082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.58.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578981/; classtype:trojan-activity;sid:81442081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.58.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578980/; classtype:trojan-activity;sid:81442080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.55.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578979/; classtype:trojan-activity;sid:81442079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.56.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578978/; classtype:trojan-activity;sid:81442078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.52.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578977/; classtype:trojan-activity;sid:81442077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.48.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578976/; classtype:trojan-activity;sid:81442076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.46.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578975/; classtype:trojan-activity;sid:81442075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.47.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578974/; classtype:trojan-activity;sid:81442074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.45.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578973/; classtype:trojan-activity;sid:81442073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.33.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578972/; classtype:trojan-activity;sid:81442072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.33.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578971/; classtype:trojan-activity;sid:81442071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.45.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578970/; classtype:trojan-activity;sid:81442070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.227.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578969/; classtype:trojan-activity;sid:81442069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.228.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578967/; classtype:trojan-activity;sid:81442067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.228.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578968/; classtype:trojan-activity;sid:81442068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.21.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578966/; classtype:trojan-activity;sid:81442066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.206.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578965/; classtype:trojan-activity;sid:81442065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.206.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578964/; classtype:trojan-activity;sid:81442064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.2.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578963/; classtype:trojan-activity;sid:81442063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.189.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578962/; classtype:trojan-activity;sid:81442062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.19.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578961/; classtype:trojan-activity;sid:81442061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.190.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578960/; classtype:trojan-activity;sid:81442060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.191.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578959/; classtype:trojan-activity;sid:81442059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.182.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578958/; classtype:trojan-activity;sid:81442058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.186.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578956/; classtype:trojan-activity;sid:81442056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.187.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578957/; classtype:trojan-activity;sid:81442057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.179.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578955/; classtype:trojan-activity;sid:81442055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.179.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578954/; classtype:trojan-activity;sid:81442054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.146.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578953/; classtype:trojan-activity;sid:81442053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.147.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578952/; classtype:trojan-activity;sid:81442052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.148.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578950/; classtype:trojan-activity;sid:81442050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.15.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578951/; classtype:trojan-activity;sid:81442051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.146.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578949/; classtype:trojan-activity;sid:81442049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.147.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578948/; classtype:trojan-activity;sid:81442048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.11.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578947/; classtype:trojan-activity;sid:81442047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.101.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578946/; classtype:trojan-activity;sid:81442046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.98.0.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578945/; classtype:trojan-activity;sid:81442045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.83.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578944/; classtype:trojan-activity;sid:81442044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.82.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578943/; classtype:trojan-activity;sid:81442043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.83.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578942/; classtype:trojan-activity;sid:81442042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.7.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578941/; classtype:trojan-activity;sid:81442041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.7.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578940/; classtype:trojan-activity;sid:81442040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.64.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578939/; classtype:trojan-activity;sid:81442039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.81.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578938/; classtype:trojan-activity;sid:81442038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.81.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578937/; classtype:trojan-activity;sid:81442037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.30.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578936/; classtype:trojan-activity;sid:81442036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.31.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578935/; classtype:trojan-activity;sid:81442035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.31.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578934/; classtype:trojan-activity;sid:81442034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.30.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578933/; classtype:trojan-activity;sid:81442033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.64.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578932/; classtype:trojan-activity;sid:81442032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.207.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578931/; classtype:trojan-activity;sid:81442031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.195.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578930/; classtype:trojan-activity;sid:81442030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.19.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578929/; classtype:trojan-activity;sid:81442029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.195.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578927/; classtype:trojan-activity;sid:81442027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578928)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.195.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578928/; classtype:trojan-activity;sid:81442028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.166.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578926/; classtype:trojan-activity;sid:81442026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.18.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578925/; classtype:trojan-activity;sid:81442025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.19.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578924/; classtype:trojan-activity;sid:81442024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.164.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578922/; classtype:trojan-activity;sid:81442022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.164.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578921/; classtype:trojan-activity;sid:81442021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.18.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578923/; classtype:trojan-activity;sid:81442023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.18.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578920/; classtype:trojan-activity;sid:81442020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.136.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578919/; classtype:trojan-activity;sid:81442019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.141.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578918/; classtype:trojan-activity;sid:81442018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.140.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578917/; classtype:trojan-activity;sid:81442017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578916)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.102.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578916/; classtype:trojan-activity;sid:81442016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578915)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.122.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578915/; classtype:trojan-activity;sid:81442015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.102.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578914/; classtype:trojan-activity;sid:81442014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.123.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578913/; classtype:trojan-activity;sid:81442013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.123.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578912/; classtype:trojan-activity;sid:81442012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.84.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578910/; classtype:trojan-activity;sid:81442010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.97.132.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578911/; classtype:trojan-activity;sid:81442011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.75.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578909/; classtype:trojan-activity;sid:81442009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.74.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578908/; classtype:trojan-activity;sid:81442008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.73.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578907/; classtype:trojan-activity;sid:81442007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.76.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578906/; classtype:trojan-activity;sid:81442006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.76.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578905/; classtype:trojan-activity;sid:81442005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.84.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578904/; classtype:trojan-activity;sid:81442004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.66.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578903/; classtype:trojan-activity;sid:81442003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.26.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578902/; classtype:trojan-activity;sid:81442002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.30.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578901/; classtype:trojan-activity;sid:81442001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.67.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578900/; classtype:trojan-activity;sid:81442000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.60.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578897/; classtype:trojan-activity;sid:81441997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.63.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578899/; classtype:trojan-activity;sid:81441999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.67.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578898/; classtype:trojan-activity;sid:81441998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.167.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578896/; classtype:trojan-activity;sid:81441996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.187.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578895/; classtype:trojan-activity;sid:81441995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.25.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578894/; classtype:trojan-activity;sid:81441994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.184.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578893/; classtype:trojan-activity;sid:81441993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.185.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578892/; classtype:trojan-activity;sid:81441992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.194.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578891/; classtype:trojan-activity;sid:81441991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.167.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578890/; classtype:trojan-activity;sid:81441990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.167.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578889/; classtype:trojan-activity;sid:81441989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.185.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578885/; classtype:trojan-activity;sid:81441985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.186.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578888/; classtype:trojan-activity;sid:81441988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578887)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.187.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578887/; classtype:trojan-activity;sid:81441987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.187.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578886/; classtype:trojan-activity;sid:81441986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.166.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578884/; classtype:trojan-activity;sid:81441984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578883/; classtype:trojan-activity;sid:81441983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.166.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578882/; classtype:trojan-activity;sid:81441982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.151.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578881/; classtype:trojan-activity;sid:81441981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.164.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578880/; classtype:trojan-activity;sid:81441980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.146.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578879/; classtype:trojan-activity;sid:81441979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.145.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578877/; classtype:trojan-activity;sid:81441977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.145.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578876/; classtype:trojan-activity;sid:81441976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.146.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578878/; classtype:trojan-activity;sid:81441978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.140.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578875/; classtype:trojan-activity;sid:81441975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.138.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578874/; classtype:trojan-activity;sid:81441974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.134.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578873/; classtype:trojan-activity;sid:81441973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.137.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578872/; classtype:trojan-activity;sid:81441972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.138.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578870/; classtype:trojan-activity;sid:81441970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.140.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578871/; classtype:trojan-activity;sid:81441971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.126.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578869/; classtype:trojan-activity;sid:81441969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.124.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578868/; classtype:trojan-activity;sid:81441968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.125.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578866/; classtype:trojan-activity;sid:81441966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.129.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578867/; classtype:trojan-activity;sid:81441967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.123.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578865/; classtype:trojan-activity;sid:81441965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.96.109.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578864/; classtype:trojan-activity;sid:81441964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.63.179.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578862/; classtype:trojan-activity;sid:81441962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.63.39.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578863/; classtype:trojan-activity;sid:81441963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.62.158.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578860/; classtype:trojan-activity;sid:81441960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.88.206.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578861/; classtype:trojan-activity;sid:81441961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578859)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.ppc"; http_uri; depth:10; isdataat:!1,relative; content:"37.49.230.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578859/; classtype:trojan-activity;sid:81441959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.63.185.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578858/; classtype:trojan-activity;sid:81441958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578856)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"155.138.162.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578856/; classtype:trojan-activity;sid:81441956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578857)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.armv61"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.230.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578857/; classtype:trojan-activity;sid:81441957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578855)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; content:"37.49.230.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578855/; classtype:trojan-activity;sid:81441955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.62.169.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578853/; classtype:trojan-activity;sid:81441953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578854)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"155.138.162.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578854/; classtype:trojan-activity;sid:81441954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578852)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"155.138.162.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578852/; classtype:trojan-activity;sid:81441952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578849)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"155.138.162.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578849/; classtype:trojan-activity;sid:81441949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578851)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.m68k"; http_uri; depth:11; isdataat:!1,relative; content:"37.49.230.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578851/; classtype:trojan-activity;sid:81441951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578850)"; flow:established,from_client; content:"GET"; http_method; content:"/[cpu]"; http_uri; depth:6; isdataat:!1,relative; content:"37.49.230.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578850/; classtype:trojan-activity;sid:81441950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578847)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.i686"; http_uri; depth:11; isdataat:!1,relative; content:"37.49.230.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578847/; classtype:trojan-activity;sid:81441947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578848)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.mips"; http_uri; depth:11; isdataat:!1,relative; content:"37.49.230.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578848/; classtype:trojan-activity;sid:81441948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578846)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.x86"; http_uri; depth:10; isdataat:!1,relative; content:"37.49.230.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578846/; classtype:trojan-activity;sid:81441946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.63.183.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578845/; classtype:trojan-activity;sid:81441945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578843)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"155.138.162.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578843/; classtype:trojan-activity;sid:81441943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578844)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"155.138.162.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578844/; classtype:trojan-activity;sid:81441944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578841)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"155.138.162.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578841/; classtype:trojan-activity;sid:81441941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578842)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"155.138.162.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578842/; classtype:trojan-activity;sid:81441942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578840)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"155.138.162.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578840/; classtype:trojan-activity;sid:81441940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578838)"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; content:"37.49.230.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578838/; classtype:trojan-activity;sid:81441938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578836)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.i586"; http_uri; depth:11; isdataat:!1,relative; content:"37.49.230.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578836/; classtype:trojan-activity;sid:81441936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578837)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.mipsel"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.230.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578837/; classtype:trojan-activity;sid:81441937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578839)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.sh4"; http_uri; depth:10; isdataat:!1,relative; content:"37.49.230.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578839/; classtype:trojan-activity;sid:81441939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.133.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578835/; classtype:trojan-activity;sid:81441935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.21.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578831/; classtype:trojan-activity;sid:81441931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.210.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578833/; classtype:trojan-activity;sid:81441933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.62.147.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578834/; classtype:trojan-activity;sid:81441934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.62.151.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578832/; classtype:trojan-activity;sid:81441932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.103.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578823/; classtype:trojan-activity;sid:81441923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.134.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578828/; classtype:trojan-activity;sid:81441928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578821)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.22.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578821/; classtype:trojan-activity;sid:81441921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578825)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.192.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578825/; classtype:trojan-activity;sid:81441925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.200.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578830/; classtype:trojan-activity;sid:81441930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.214.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578824/; classtype:trojan-activity;sid:81441924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578826)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.226.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578826/; classtype:trojan-activity;sid:81441926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.27.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578822/; classtype:trojan-activity;sid:81441922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.4.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578829/; classtype:trojan-activity;sid:81441929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.61.99.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578827/; classtype:trojan-activity;sid:81441927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.200.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578820/; classtype:trojan-activity;sid:81441920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.129.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578819/; classtype:trojan-activity;sid:81441919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.184.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578817/; classtype:trojan-activity;sid:81441917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.216.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578818/; classtype:trojan-activity;sid:81441918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.136.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578816/; classtype:trojan-activity;sid:81441916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.142.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578815/; classtype:trojan-activity;sid:81441915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.152.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578814/; classtype:trojan-activity;sid:81441914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.53.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578810/; classtype:trojan-activity;sid:81441910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.146.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578812/; classtype:trojan-activity;sid:81441912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.152.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578811/; classtype:trojan-activity;sid:81441911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.168.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578808/; classtype:trojan-activity;sid:81441908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.179.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578809/; classtype:trojan-activity;sid:81441909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.200.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578807/; classtype:trojan-activity;sid:81441907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.203.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578813/; classtype:trojan-activity;sid:81441913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.137.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578806/; classtype:trojan-activity;sid:81441906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.54.207.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578800/; classtype:trojan-activity;sid:81441900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.54.241.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578802/; classtype:trojan-activity;sid:81441902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.129.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578799/; classtype:trojan-activity;sid:81441899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.132.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578805/; classtype:trojan-activity;sid:81441905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.178.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578804/; classtype:trojan-activity;sid:81441904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.179.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578801/; classtype:trojan-activity;sid:81441901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.182.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578803/; classtype:trojan-activity;sid:81441903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.54.204.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578798/; classtype:trojan-activity;sid:81441898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578797)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.52.226.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578797/; classtype:trojan-activity;sid:81441897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.67.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578793/; classtype:trojan-activity;sid:81441893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.76.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578789/; classtype:trojan-activity;sid:81441889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.51.123.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578791/; classtype:trojan-activity;sid:81441891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.51.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578790/; classtype:trojan-activity;sid:81441890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.52.239.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578792/; classtype:trojan-activity;sid:81441892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.53.248.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578796/; classtype:trojan-activity;sid:81441896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.54.144.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578788/; classtype:trojan-activity;sid:81441888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.54.169.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578795/; classtype:trojan-activity;sid:81441895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.54.195.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578794/; classtype:trojan-activity;sid:81441894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.54.204.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578787/; classtype:trojan-activity;sid:81441887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.15.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578785/; classtype:trojan-activity;sid:81441885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.252.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578786/; classtype:trojan-activity;sid:81441886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.244.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578783/; classtype:trojan-activity;sid:81441883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.3.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578784/; classtype:trojan-activity;sid:81441884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.74.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578781/; classtype:trojan-activity;sid:81441881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.235.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578780/; classtype:trojan-activity;sid:81441880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.238.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578779/; classtype:trojan-activity;sid:81441879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.33.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578782/; classtype:trojan-activity;sid:81441882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.1.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578777/; classtype:trojan-activity;sid:81441877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.100.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578778/; classtype:trojan-activity;sid:81441878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.148.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578775/; classtype:trojan-activity;sid:81441875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.164.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578774/; classtype:trojan-activity;sid:81441874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.215.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578773/; classtype:trojan-activity;sid:81441873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.66.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578776/; classtype:trojan-activity;sid:81441876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.48.178.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578770/; classtype:trojan-activity;sid:81441870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.48.19.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578771/; classtype:trojan-activity;sid:81441871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.48.210.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578769/; classtype:trojan-activity;sid:81441869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.73.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578772/; classtype:trojan-activity;sid:81441872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.48.232.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578768/; classtype:trojan-activity;sid:81441868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.48.27.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578767/; classtype:trojan-activity;sid:81441867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.62.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578766/; classtype:trojan-activity;sid:81441866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.48.145.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578762/; classtype:trojan-activity;sid:81441862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.48.156.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578761/; classtype:trojan-activity;sid:81441861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.48.207.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578760/; classtype:trojan-activity;sid:81441860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.48.233.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578763/; classtype:trojan-activity;sid:81441863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"115.48.234.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578758/; classtype:trojan-activity;sid:81441858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.21.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578759/; classtype:trojan-activity;sid:81441859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.241.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578765/; classtype:trojan-activity;sid:81441865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.44.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578764/; classtype:trojan-activity;sid:81441864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.133.230.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578752/; classtype:trojan-activity;sid:81441852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"113.8.116.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578755/; classtype:trojan-activity;sid:81441855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.88.133.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578753/; classtype:trojan-activity;sid:81441853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.234.63.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578757/; classtype:trojan-activity;sid:81441857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.48.130.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578756/; classtype:trojan-activity;sid:81441856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.48.144.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578754/; classtype:trojan-activity;sid:81441854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.27.124.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578751/; classtype:trojan-activity;sid:81441851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.110.244.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578750/; classtype:trojan-activity;sid:81441850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.255.70.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578748/; classtype:trojan-activity;sid:81441848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.116.123.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578747/; classtype:trojan-activity;sid:81441847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.13.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578749/; classtype:trojan-activity;sid:81441849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.255.156.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578743/; classtype:trojan-activity;sid:81441843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.30.1.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578745/; classtype:trojan-activity;sid:81441845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.30.1.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578746/; classtype:trojan-activity;sid:81441846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.116.0.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578744/; classtype:trojan-activity;sid:81441844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.255.158.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578742/; classtype:trojan-activity;sid:81441842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.255.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578741/; classtype:trojan-activity;sid:81441841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.249.81.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578739/; classtype:trojan-activity;sid:81441839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.252.197.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578740/; classtype:trojan-activity;sid:81441840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.254.24.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578738/; classtype:trojan-activity;sid:81441838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.249.34.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578736/; classtype:trojan-activity;sid:81441836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.249.34.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578732/; classtype:trojan-activity;sid:81441832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.249.64.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578731/; classtype:trojan-activity;sid:81441831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.249.80.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578730/; classtype:trojan-activity;sid:81441830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.252.199.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578729/; classtype:trojan-activity;sid:81441829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.254.11.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578737/; classtype:trojan-activity;sid:81441837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.254.141.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578733/; classtype:trojan-activity;sid:81441833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.254.214.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578734/; classtype:trojan-activity;sid:81441834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.254.57.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578735/; classtype:trojan-activity;sid:81441835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.255.130.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578728/; classtype:trojan-activity;sid:81441828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.242.225.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578727/; classtype:trojan-activity;sid:81441827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.248.174.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578724/; classtype:trojan-activity;sid:81441824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.249.191.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578725/; classtype:trojan-activity;sid:81441825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.249.237.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578726/; classtype:trojan-activity;sid:81441826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.239.120.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578714/; classtype:trojan-activity;sid:81441814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.240.252.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578723/; classtype:trojan-activity;sid:81441823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.242.2.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578719/; classtype:trojan-activity;sid:81441819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.242.212.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578718/; classtype:trojan-activity;sid:81441818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.242.244.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578720/; classtype:trojan-activity;sid:81441820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.246.73.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578722/; classtype:trojan-activity;sid:81441822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.248.100.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578717/; classtype:trojan-activity;sid:81441817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.248.162.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578721/; classtype:trojan-activity;sid:81441821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.249.129.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578715/; classtype:trojan-activity;sid:81441815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.249.224.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578716/; classtype:trojan-activity;sid:81441816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.125.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578712/; classtype:trojan-activity;sid:81441812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.127.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578710/; classtype:trojan-activity;sid:81441810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.189.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578711/; classtype:trojan-activity;sid:81441811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.196.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578713/; classtype:trojan-activity;sid:81441813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.237.97.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578704/; classtype:trojan-activity;sid:81441804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.15.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578709/; classtype:trojan-activity;sid:81441809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.151.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578707/; classtype:trojan-activity;sid:81441807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.19.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578702/; classtype:trojan-activity;sid:81441802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.220.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578701/; classtype:trojan-activity;sid:81441801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.228.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578705/; classtype:trojan-activity;sid:81441805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.231.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578706/; classtype:trojan-activity;sid:81441806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.4.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578703/; classtype:trojan-activity;sid:81441803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.238.62.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578708/; classtype:trojan-activity;sid:81441808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.239.119.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578700/; classtype:trojan-activity;sid:81441800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.225.20.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578697/; classtype:trojan-activity;sid:81441797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.226.10.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578693/; classtype:trojan-activity;sid:81441793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.226.115.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578694/; classtype:trojan-activity;sid:81441794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.226.122.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578699/; classtype:trojan-activity;sid:81441799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.226.141.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578696/; classtype:trojan-activity;sid:81441796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.232.234.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578698/; classtype:trojan-activity;sid:81441798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.237.161.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578695/; classtype:trojan-activity;sid:81441795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.237.216.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578692/; classtype:trojan-activity;sid:81441792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.152.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578691/; classtype:trojan-activity;sid:81441791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.174.217.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578690/; classtype:trojan-activity;sid:81441790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.182.236.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578689/; classtype:trojan-activity;sid:81441789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.165.242.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578684/; classtype:trojan-activity;sid:81441784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.136.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578687/; classtype:trojan-activity;sid:81441787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.163.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578686/; classtype:trojan-activity;sid:81441786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.225.119.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578688/; classtype:trojan-activity;sid:81441788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.225.14.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578685/; classtype:trojan-activity;sid:81441785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.225.124.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578682/; classtype:trojan-activity;sid:81441782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.225.147.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578681/; classtype:trojan-activity;sid:81441781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.225.147.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578683/; classtype:trojan-activity;sid:81441783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.91.245.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578679/; classtype:trojan-activity;sid:81441779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.0.57.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578680/; classtype:trojan-activity;sid:81441780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"103.97.138.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578678/; classtype:trojan-activity;sid:81441778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.0.56.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578677/; classtype:trojan-activity;sid:81441777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"106.0.57.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578676/; classtype:trojan-activity;sid:81441776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"109.207.101.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578675/; classtype:trojan-activity;sid:81441775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.18.194.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578674/; classtype:trojan-activity;sid:81441774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.235.165.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578673/; classtype:trojan-activity;sid:81441773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.223.12.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578672/; classtype:trojan-activity;sid:81441772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"103.73.152.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578671/; classtype:trojan-activity;sid:81441771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.73.154.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578670/; classtype:trojan-activity;sid:81441770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.117.152.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578668/; classtype:trojan-activity;sid:81441768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.20.3.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578669/; classtype:trojan-activity;sid:81441769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"85.106.225.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578667/; classtype:trojan-activity;sid:81441767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"92.54.237.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578666/; classtype:trojan-activity;sid:81441766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"78.37.174.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578665/; classtype:trojan-activity;sid:81441765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"74.50.197.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578664/; classtype:trojan-activity;sid:81441764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"62.29.105.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578663/; classtype:trojan-activity;sid:81441763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"78.173.17.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578662/; classtype:trojan-activity;sid:81441762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.79.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578660/; classtype:trojan-activity;sid:81441760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.96.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578658/; classtype:trojan-activity;sid:81441758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.194.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578661/; classtype:trojan-activity;sid:81441761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.252.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578659/; classtype:trojan-activity;sid:81441759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.56.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578657/; classtype:trojan-activity;sid:81441757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.77.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578656/; classtype:trojan-activity;sid:81441756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.84.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578655/; classtype:trojan-activity;sid:81441755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.86.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578651/; classtype:trojan-activity;sid:81441751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.96.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578653/; classtype:trojan-activity;sid:81441753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.121.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578652/; classtype:trojan-activity;sid:81441752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.150.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578654/; classtype:trojan-activity;sid:81441754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.174.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578650/; classtype:trojan-activity;sid:81441750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"61.54.251.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578648/; classtype:trojan-activity;sid:81441748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.54.68.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578649/; classtype:trojan-activity;sid:81441749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.103.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578642/; classtype:trojan-activity;sid:81441742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.185.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578640/; classtype:trojan-activity;sid:81441740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.196.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578639/; classtype:trojan-activity;sid:81441739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.198.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578646/; classtype:trojan-activity;sid:81441746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.209.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578638/; classtype:trojan-activity;sid:81441738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.211.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578645/; classtype:trojan-activity;sid:81441745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.232.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578647/; classtype:trojan-activity;sid:81441747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.246.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578644/; classtype:trojan-activity;sid:81441744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.29.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578643/; classtype:trojan-activity;sid:81441743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.56.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578641/; classtype:trojan-activity;sid:81441741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"61.162.165.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578637/; classtype:trojan-activity;sid:81441737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.163.149.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578636/; classtype:trojan-activity;sid:81441736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.254.89.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578635/; classtype:trojan-activity;sid:81441735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.254.107.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578634/; classtype:trojan-activity;sid:81441734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.49.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578633/; classtype:trojan-activity;sid:81441733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.48.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578632/; classtype:trojan-activity;sid:81441732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.251.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578631/; classtype:trojan-activity;sid:81441731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.252.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578630/; classtype:trojan-activity;sid:81441730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.48.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578629/; classtype:trojan-activity;sid:81441729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.227.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578628/; classtype:trojan-activity;sid:81441728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.225.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578627/; classtype:trojan-activity;sid:81441727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.224.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578626/; classtype:trojan-activity;sid:81441726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.182.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578625/; classtype:trojan-activity;sid:81441725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.174.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578624/; classtype:trojan-activity;sid:81441724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.165.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578623/; classtype:trojan-activity;sid:81441723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.126.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578622/; classtype:trojan-activity;sid:81441722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.127.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578621/; classtype:trojan-activity;sid:81441721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.146.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578620/; classtype:trojan-activity;sid:81441720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.123.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578619/; classtype:trojan-activity;sid:81441719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.120.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578617/; classtype:trojan-activity;sid:81441717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.121.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578618/; classtype:trojan-activity;sid:81441718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.121.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578615/; classtype:trojan-activity;sid:81441715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.123.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578616/; classtype:trojan-activity;sid:81441716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.122.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578614/; classtype:trojan-activity;sid:81441714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.122.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578613/; classtype:trojan-activity;sid:81441713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.121.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578612/; classtype:trojan-activity;sid:81441712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.118.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578611/; classtype:trojan-activity;sid:81441711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.119.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578610/; classtype:trojan-activity;sid:81441710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578609/; classtype:trojan-activity;sid:81441709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.117.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578608/; classtype:trojan-activity;sid:81441708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.115.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578607/; classtype:trojan-activity;sid:81441707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.115.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578606/; classtype:trojan-activity;sid:81441706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.112.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578605/; classtype:trojan-activity;sid:81441705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.113.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578604/; classtype:trojan-activity;sid:81441704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.215.167.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578603/; classtype:trojan-activity;sid:81441703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.216.130.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578602/; classtype:trojan-activity;sid:81441702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.243.112.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578601/; classtype:trojan-activity;sid:81441701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.214.218.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578599/; classtype:trojan-activity;sid:81441699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.214.35.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578597/; classtype:trojan-activity;sid:81441697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.214.72.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578600/; classtype:trojan-activity;sid:81441700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.214.95.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578598/; classtype:trojan-activity;sid:81441698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.215.189.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578596/; classtype:trojan-activity;sid:81441696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.179.68.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578595/; classtype:trojan-activity;sid:81441695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.180.187.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578594/; classtype:trojan-activity;sid:81441694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.21.21.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578593/; classtype:trojan-activity;sid:81441693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.209.195.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578592/; classtype:trojan-activity;sid:81441692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.211.28.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578591/; classtype:trojan-activity;sid:81441691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.211.29.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578590/; classtype:trojan-activity;sid:81441690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.211.92.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578589/; classtype:trojan-activity;sid:81441689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"60.211.94.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578587/; classtype:trojan-activity;sid:81441687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.214.194.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578588/; classtype:trojan-activity;sid:81441688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.180.167.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578586/; classtype:trojan-activity;sid:81441686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"59.180.166.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578585/; classtype:trojan-activity;sid:81441685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.180.160.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578584/; classtype:trojan-activity;sid:81441684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.180.131.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578582/; classtype:trojan-activity;sid:81441682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.180.144.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578583/; classtype:trojan-activity;sid:81441683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.177.39.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578581/; classtype:trojan-activity;sid:81441681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"46.250.94.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578580/; classtype:trojan-activity;sid:81441680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"45.190.89.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578579/; classtype:trojan-activity;sid:81441679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"45.190.91.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578577/; classtype:trojan-activity;sid:81441677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"58.248.74.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578578/; classtype:trojan-activity;sid:81441678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.250.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578576/; classtype:trojan-activity;sid:81441676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.250.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578571/; classtype:trojan-activity;sid:81441671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (578572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.189.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_20; reference:url, urlhaus.abuse.ch/url/578572/; classtype:trojan-activity;sid:81441672; rev:1;) ale