################################################################ # abuse.ch URLhaus IDS ruleset (Suricata only) # # Last updated: 2020-10-20 08:58:04 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leaked-usmle/inc/ac26ryreywkxecw/"; depth:34; endswith; http.host; content:"bms-guisborough.co.uk"; depth:21; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722574/; classtype:trojan-activity;sid:81585674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/id3/g1/1065779.jpg"; depth:31; endswith; http.host; content:"weeshoppi.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722573/; classtype:trojan-activity;sid:81585673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"182.116.52.211"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722572/; classtype:trojan-activity;sid:81585672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/pages/3001389566160/sri/"; depth:36; endswith; http.host; content:"helixity-india.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722571/; classtype:trojan-activity;sid:81585671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/id3/g1/rpo-206741.jpg"; depth:34; endswith; http.host; content:"weeshoppi.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722570/; classtype:trojan-activity;sid:81585670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/id3/g1/rpo-904113.jpg"; depth:34; endswith; http.host; content:"weeshoppi.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722569/; classtype:trojan-activity;sid:81585669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/id3/g1/shg-0628.jpg"; depth:32; endswith; http.host; content:"weeshoppi.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722568/; classtype:trojan-activity;sid:81585668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/id3/g1/9046711.jpg"; depth:31; endswith; http.host; content:"weeshoppi.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722567/; classtype:trojan-activity;sid:81585667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/id3/g1/bui777.jpg"; depth:30; endswith; http.host; content:"weeshoppi.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722566/; classtype:trojan-activity;sid:81585666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"219.155.9.254"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722565/; classtype:trojan-activity;sid:81585665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sandbox/overview/r5y7jggy7qol9rr/"; depth:34; endswith; http.host; content:"iog.com.cn"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722564/; classtype:trojan-activity;sid:81585664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/calendar/parts_service/6yjbncwolg7dbtlo/"; depth:41; endswith; http.host; content:"lotlee.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722563/; classtype:trojan-activity;sid:81585663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.2.44.69"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722562/; classtype:trojan-activity;sid:81585662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"59.177.38.236"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722561/; classtype:trojan-activity;sid:81585661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"59.180.177.181"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722559/; classtype:trojan-activity;sid:81585659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.99.43.173"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722560/; classtype:trojan-activity;sid:81585660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.114.121"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722558/; classtype:trojan-activity;sid:81585658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.117.188"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722555/; classtype:trojan-activity;sid:81585655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"92.100.44.150"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722556/; classtype:trojan-activity;sid:81585656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ornze.msi"; depth:10; endswith; http.host; content:"u.teknik.io"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722557/; classtype:trojan-activity;sid:81585657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"60.243.113.121"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722554/; classtype:trojan-activity;sid:81585654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"61.54.237.106"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722553/; classtype:trojan-activity;sid:81585653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.56.207.129"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722551/; classtype:trojan-activity;sid:81585651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.143.96"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722552/; classtype:trojan-activity;sid:81585652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.214.130.199"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722550/; classtype:trojan-activity;sid:81585650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"187.109.119.219"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722549/; classtype:trojan-activity;sid:81585649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"221.214.146.90"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722546/; classtype:trojan-activity;sid:81585646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.137.160.161"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722541/; classtype:trojan-activity;sid:81585641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"222.138.212.10"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722547/; classtype:trojan-activity;sid:81585647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"222.141.108.152"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722542/; classtype:trojan-activity;sid:81585642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.210.239.179"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722545/; classtype:trojan-activity;sid:81585645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.216.190.123"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722543/; classtype:trojan-activity;sid:81585643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"41.86.18.210"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722548/; classtype:trojan-activity;sid:81585648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.85.35"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722544/; classtype:trojan-activity;sid:81585644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.119.84.182"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722540/; classtype:trojan-activity;sid:81585640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.54.95"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722539/; classtype:trojan-activity;sid:81585639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"42.236.214.124"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722538/; classtype:trojan-activity;sid:81585638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.116.70.236"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722537/; classtype:trojan-activity;sid:81585637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.114.0.87"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722535/; classtype:trojan-activity;sid:81585635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.116.96.16"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722536/; classtype:trojan-activity;sid:81585636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.119.12.96"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722534/; classtype:trojan-activity;sid:81585634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.41.174.111"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722532/; classtype:trojan-activity;sid:81585632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.42.126.64"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722531/; classtype:trojan-activity;sid:81585631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.46.139.51"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722533/; classtype:trojan-activity;sid:81585633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.97.7.166"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722530/; classtype:trojan-activity;sid:81585630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.97.66.83"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722529/; classtype:trojan-activity;sid:81585629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"121.189.111.104"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722528/; classtype:trojan-activity;sid:81585628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.194.161.60"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722527/; classtype:trojan-activity;sid:81585627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.99.181.65"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722525/; classtype:trojan-activity;sid:81585625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.213.40.119"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722522/; classtype:trojan-activity;sid:81585622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.242.208.121"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722523/; classtype:trojan-activity;sid:81585623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"118.218.159.82"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722526/; classtype:trojan-activity;sid:81585626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.11.232.226"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722521/; classtype:trojan-activity;sid:81585621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.14.90.55"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722524/; classtype:trojan-activity;sid:81585624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.5.180.106"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722520/; classtype:trojan-activity;sid:81585620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.49.28.165"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722519/; classtype:trojan-activity;sid:81585619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.249.86.169"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722515/; classtype:trojan-activity;sid:81585615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.118.204.194"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722516/; classtype:trojan-activity;sid:81585616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.64.109"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722517/; classtype:trojan-activity;sid:81585617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.56.135.170"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722518/; classtype:trojan-activity;sid:81585618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.155.31"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722514/; classtype:trojan-activity;sid:81585614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.190.68"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722512/; classtype:trojan-activity;sid:81585612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.48.229.33"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722513/; classtype:trojan-activity;sid:81585613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/req025purchase_pdf.exe"; depth:23; endswith; http.host; content:"tew44fe44f444445455.gb.net"; depth:26; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722511/; classtype:trojan-activity;sid:81585611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"115.58.64.152"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722510/; classtype:trojan-activity;sid:81585610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/document/8462/vqzbwir/"; depth:31; endswith; http.host; content:"islamiadsk.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722509/; classtype:trojan-activity;sid:81585609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"117.222.165.141"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722508/; classtype:trojan-activity;sid:81585608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"182.127.181.87"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722507/; classtype:trojan-activity;sid:81585607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"61.54.61.248"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722506/; classtype:trojan-activity;sid:81585606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.125.93"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722505/; classtype:trojan-activity;sid:81585605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.54.57.143"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722504/; classtype:trojan-activity;sid:81585604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.239.154.158"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722502/; classtype:trojan-activity;sid:81585602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.117.129"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722503/; classtype:trojan-activity;sid:81585603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.208.78"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722500/; classtype:trojan-activity;sid:81585600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.139.50.213"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722498/; classtype:trojan-activity;sid:81585598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.5.41.206"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722499/; classtype:trojan-activity;sid:81585599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.22.14.24"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722495/; classtype:trojan-activity;sid:81585595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.6.186.31"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722497/; classtype:trojan-activity;sid:81585597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.73.46.52"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722496/; classtype:trojan-activity;sid:81585596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.127.137.53"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722494/; classtype:trojan-activity;sid:81585594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"183.150.166.215"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722492/; classtype:trojan-activity;sid:81585592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.138.37.143"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722493/; classtype:trojan-activity;sid:81585593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"202.83.37.138"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722490/; classtype:trojan-activity;sid:81585590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"202.83.37.7"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722491/; classtype:trojan-activity;sid:81585591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.127.135.100"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722489/; classtype:trojan-activity;sid:81585589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.59.192.0"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722487/; classtype:trojan-activity;sid:81585587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.15.237.112"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722488/; classtype:trojan-activity;sid:81585588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.155.116.149"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722486/; classtype:trojan-activity;sid:81585586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"59.93.16.6"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722485/; classtype:trojan-activity;sid:81585585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"188.169.45.28"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722484/; classtype:trojan-activity;sid:81585584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.155.119.125"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722483/; classtype:trojan-activity;sid:81585583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.127.120.54"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722482/; classtype:trojan-activity;sid:81585582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"14.53.242.27"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722481/; classtype:trojan-activity;sid:81585581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"125.47.197.123"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722477/; classtype:trojan-activity;sid:81585577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.47.221.138"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722479/; classtype:trojan-activity;sid:81585579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"180.180.204.254"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722480/; classtype:trojan-activity;sid:81585580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.126.116.83"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722476/; classtype:trojan-activity;sid:81585576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.126.244.163"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722478/; classtype:trojan-activity;sid:81585578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.114.19.81"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722472/; classtype:trojan-activity;sid:81585572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.120.50.105"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722474/; classtype:trojan-activity;sid:81585574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.126.115.87"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722475/; classtype:trojan-activity;sid:81585575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"39.89.60.229"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722473/; classtype:trojan-activity;sid:81585573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"120.56.113.60"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722471/; classtype:trojan-activity;sid:81585571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"121.177.253.38"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722468/; classtype:trojan-activity;sid:81585568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.14.69.140"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722467/; classtype:trojan-activity;sid:81585567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"123.235.210.28"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722470/; classtype:trojan-activity;sid:81585570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.5.144.183"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722469/; classtype:trojan-activity;sid:81585569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"120.56.116.213"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722465/; classtype:trojan-activity;sid:81585565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.11.120.210"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722464/; classtype:trojan-activity;sid:81585564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.130.0.231"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722466/; classtype:trojan-activity;sid:81585566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.123.179.18"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722463/; classtype:trojan-activity;sid:81585563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.43.56.15"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722462/; classtype:trojan-activity;sid:81585562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.73.97.5"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722461/; classtype:trojan-activity;sid:81585561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.56.135.142"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722460/; classtype:trojan-activity;sid:81585560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.165.0.158"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722459/; classtype:trojan-activity;sid:81585559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.72.26.177"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722458/; classtype:trojan-activity;sid:81585558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.73.63.214"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722457/; classtype:trojan-activity;sid:81585557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.116.219.225"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722453/; classtype:trojan-activity;sid:81585553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.49.249.128"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722455/; classtype:trojan-activity;sid:81585555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.53.200.4"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722456/; classtype:trojan-activity;sid:81585556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.61.246.175"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722454/; classtype:trojan-activity;sid:81585554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.254.58.25"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722452/; classtype:trojan-activity;sid:81585552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/calendar/reporting/952119719285504/f4bwhzet-768006/"; depth:52; endswith; http.host; content:"sonatej.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722451/; classtype:trojan-activity;sid:81585551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"219.157.55.216"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722449/; classtype:trojan-activity;sid:81585549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/browse/tuii7g342geipg/"; depth:31; endswith; http.host; content:"travelistastory.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722450/; classtype:trojan-activity;sid:81585550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/public/p86lgmoo7qiba1qffi/"; depth:34; endswith; http.host; content:"dissa.cl"; depth:8; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722448/; classtype:trojan-activity;sid:81585548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ogretmenevi/lm/gyd7hjhy99/"; depth:27; endswith; http.host; content:"dev.probook.com.my"; depth:18; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722445/; classtype:trojan-activity;sid:81585545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sql987/2ljinczxt3vnnnr/"; depth:24; endswith; http.host; content:"libramedia.net"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722447/; classtype:trojan-activity;sid:81585547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kolbot-pickit/etrac/c0bvis7yabl/"; depth:33; endswith; http.host; content:"qiaoshounvgong.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722446/; classtype:trojan-activity;sid:81585546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/paclm/evxzmuvsd8sszrplgyk/"; depth:39; endswith; http.host; content:"fumigacionesmac.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722444/; classtype:trojan-activity;sid:81585544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backyard-design/lm/werb8grtofrmy6/"; depth:35; endswith; http.host; content:"delisaimmobiliare.it"; depth:20; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722443/; classtype:trojan-activity;sid:81585543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backup_sistemas/7thrpjcyhgn0v/0jnmpthxjt4/"; depth:43; endswith; http.host; content:"ceramicaburguina.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722441/; classtype:trojan-activity;sid:81585541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apps/doc/iiy7ogi6ojmtiyit1t/"; depth:29; endswith; http.host; content:"new.fudiai.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722442/; classtype:trojan-activity;sid:81585542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/llc/a2crqjziogvvegzbo/"; depth:34; endswith; http.host; content:"praxis-leimbacher.ch"; depth:20; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722440/; classtype:trojan-activity;sid:81585540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/docs/qok5udaibtuuui/"; depth:27; endswith; http.host; content:"www.novaes.com.br"; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722439/; classtype:trojan-activity;sid:81585539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/documentation/w8ags3ilzxjpzxnfrzll/"; depth:41; endswith; http.host; content:"fcespoo.urheilutekstiilit.fi"; depth:28; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722436/; classtype:trojan-activity;sid:81585536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/norma/sites/ltxzn1ofdprs/"; depth:26; endswith; http.host; content:"skullmedia.de"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722435/; classtype:trojan-activity;sid:81585535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/6l0u/"; depth:9; endswith; http.host; content:"rossie.in"; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722433/; classtype:trojan-activity;sid:81585533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/lea2gxxbj/"; depth:14; endswith; http.host; content:"royalnight.in"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722434/; classtype:trojan-activity;sid:81585534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/cycdo/"; depth:15; endswith; http.host; content:"dailypharmajobs.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722432/; classtype:trojan-activity;sid:81585532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/vi5/"; depth:13; endswith; http.host; content:"envirohubconsulting.co.za"; depth:25; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722430/; classtype:trojan-activity;sid:81585530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/office/y6uz/"; depth:13; endswith; http.host; content:"grandages.org.my"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722431/; classtype:trojan-activity;sid:81585531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/mfxxm5tg/"; depth:17; endswith; http.host; content:"comercialadvance.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722429/; classtype:trojan-activity;sid:81585529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/u8j1bkh/"; depth:20; endswith; http.host; content:"gymmuscle.tk"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722428/; classtype:trojan-activity;sid:81585528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/report/2topttru7s3z/"; depth:33; endswith; http.host; content:"toppost24.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722427/; classtype:trojan-activity;sid:81585527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/calculator/itq/"; depth:16; endswith; http.host; content:"vat201.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722426/; classtype:trojan-activity;sid:81585526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/q/"; depth:6; endswith; http.host; content:"hostimpel.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722424/; classtype:trojan-activity;sid:81585524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/zt/"; depth:13; endswith; http.host; content:"mohamedsayed.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722425/; classtype:trojan-activity;sid:81585525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gallery_03f59a1cc20096539c7aec1b61d7471a/3e/"; depth:45; endswith; http.host; content:"bomfuturoadesivos.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722423/; classtype:trojan-activity;sid:81585523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/xyv/"; depth:13; endswith; http.host; content:"hoobiq.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722422/; classtype:trojan-activity;sid:81585522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ram-aisin/7r9/"; depth:15; endswith; http.host; content:"wodsuit.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722421/; classtype:trojan-activity;sid:81585521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydrolysis-of/by/"; depth:18; endswith; http.host; content:"vikinggg.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722420/; classtype:trojan-activity;sid:81585520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"200.123.233.59"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722419/; classtype:trojan-activity;sid:81585519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.120.4"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722418/; classtype:trojan-activity;sid:81585518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.233.144.16"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722417/; classtype:trojan-activity;sid:81585517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.234.189.131"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722414/; classtype:trojan-activity;sid:81585514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.94.180.81"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722416/; classtype:trojan-activity;sid:81585516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"61.52.184.5"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722415/; classtype:trojan-activity;sid:81585515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"31.200.75.202"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722413/; classtype:trojan-activity;sid:81585513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.74.107.167"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722411/; classtype:trojan-activity;sid:81585511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.67.211"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722410/; classtype:trojan-activity;sid:81585510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.236.255.54"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722409/; classtype:trojan-activity;sid:81585509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.54.43.176"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722412/; classtype:trojan-activity;sid:81585512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.228.79.107"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722408/; classtype:trojan-activity;sid:81585508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.214.53.254"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722406/; classtype:trojan-activity;sid:81585506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.213.188.87"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722407/; classtype:trojan-activity;sid:81585507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.35.145.103"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722405/; classtype:trojan-activity;sid:81585505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.207.232.244"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722402/; classtype:trojan-activity;sid:81585502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.215.214.174"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722403/; classtype:trojan-activity;sid:81585503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.41.172.45"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722401/; classtype:trojan-activity;sid:81585501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.44.226.216"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722404/; classtype:trojan-activity;sid:81585504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"119.163.228.106"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722398/; classtype:trojan-activity;sid:81585498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.194.156.36"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722400/; classtype:trojan-activity;sid:81585500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.206.186.66"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722397/; classtype:trojan-activity;sid:81585497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.219.108.152"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722399/; classtype:trojan-activity;sid:81585499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.112.20.128"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722396/; classtype:trojan-activity;sid:81585496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.57.193.201"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722395/; classtype:trojan-activity;sid:81585495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"60.212.123.181"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722394/; classtype:trojan-activity;sid:81585494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.47.87.254"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722391/; classtype:trojan-activity;sid:81585491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.12.22"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722390/; classtype:trojan-activity;sid:81585490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.15.181.230"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722392/; classtype:trojan-activity;sid:81585492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"222.137.159.185"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722389/; classtype:trojan-activity;sid:81585489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.140.175.170"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722393/; classtype:trojan-activity;sid:81585493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.15.87.32"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722388/; classtype:trojan-activity;sid:81585488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.187.237.252"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722387/; classtype:trojan-activity;sid:81585487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.4.68.22"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722386/; classtype:trojan-activity;sid:81585486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"125.46.241.209"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722384/; classtype:trojan-activity;sid:81585484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.47.252.34"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722385/; classtype:trojan-activity;sid:81585485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.130.101.120"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722382/; classtype:trojan-activity;sid:81585482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.9.39.123"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722383/; classtype:trojan-activity;sid:81585483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.221.251.105"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722380/; classtype:trojan-activity;sid:81585480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.154.119.59"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722381/; classtype:trojan-activity;sid:81585481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.213.47.86"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722379/; classtype:trojan-activity;sid:81585479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"120.56.112.143"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722375/; classtype:trojan-activity;sid:81585475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"120.56.112.189"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722376/; classtype:trojan-activity;sid:81585476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.4.75.226"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722377/; classtype:trojan-activity;sid:81585477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.8.95.171"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722378/; classtype:trojan-activity;sid:81585478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"124.131.82.126"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722374/; classtype:trojan-activity;sid:81585474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.75.198.239"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722373/; classtype:trojan-activity;sid:81585473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.57.251"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722372/; classtype:trojan-activity;sid:81585472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.54.171.245"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722371/; classtype:trojan-activity;sid:81585471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.158.103"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722370/; classtype:trojan-activity;sid:81585470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.58.20.221"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722369/; classtype:trojan-activity;sid:81585469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.226.251.110"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722364/; classtype:trojan-activity;sid:81585464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.254.194.175"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722362/; classtype:trojan-activity;sid:81585462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.59.241.12"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722367/; classtype:trojan-activity;sid:81585467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.61.174.36"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722365/; classtype:trojan-activity;sid:81585465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.97.30.71"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722366/; classtype:trojan-activity;sid:81585466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.75.197.117"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722368/; classtype:trojan-activity;sid:81585468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.211.40.43"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722363/; classtype:trojan-activity;sid:81585463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/trlxc/"; depth:16; endswith; http.host; content:"tayninhhouse.info"; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722361/; classtype:trojan-activity;sid:81585461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"219.157.55.216"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722360/; classtype:trojan-activity;sid:81585460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/lm/27649110/qnbbw9ja1scf-0040/"; depth:42; endswith; http.host; content:"gestione.co"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722359/; classtype:trojan-activity;sid:81585459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"111.8.135.179"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722358/; classtype:trojan-activity;sid:81585458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"115.50.39.188"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722357/; classtype:trojan-activity;sid:81585457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.123.130"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722356/; classtype:trojan-activity;sid:81585456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.120.229"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722355/; classtype:trojan-activity;sid:81585455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.254.60.100"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722354/; classtype:trojan-activity;sid:81585454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.239.221.153"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722351/; classtype:trojan-activity;sid:81585451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.180.188.111"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722353/; classtype:trojan-activity;sid:81585453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.207.111"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722352/; classtype:trojan-activity;sid:81585452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.231.71.192"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722350/; classtype:trojan-activity;sid:81585450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.234.248.103"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722349/; classtype:trojan-activity;sid:81585449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.219.163"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722347/; classtype:trojan-activity;sid:81585447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.65.251"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722348/; classtype:trojan-activity;sid:81585448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"115.56.129.186"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722346/; classtype:trojan-activity;sid:81585446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.142.186.124"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722345/; classtype:trojan-activity;sid:81585445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"221.15.176.199"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722344/; classtype:trojan-activity;sid:81585444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.117.110.185"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722343/; classtype:trojan-activity;sid:81585443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"115.59.210.126"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722342/; classtype:trojan-activity;sid:81585442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.119.14.177"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722341/; classtype:trojan-activity;sid:81585441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.123.250.254"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722337/; classtype:trojan-activity;sid:81585437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.59.162.170"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722339/; classtype:trojan-activity;sid:81585439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.193.156.190"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722340/; classtype:trojan-activity;sid:81585440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"39.74.189.177"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722338/; classtype:trojan-activity;sid:81585438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.210.179.154"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722336/; classtype:trojan-activity;sid:81585436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.138.140.156"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722335/; classtype:trojan-activity;sid:81585435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"36.32.194.24"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722334/; classtype:trojan-activity;sid:81585434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.194.159.48"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722333/; classtype:trojan-activity;sid:81585433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.114.57.151"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722331/; classtype:trojan-activity;sid:81585431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.126.118.13"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722330/; classtype:trojan-activity;sid:81585430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"221.15.176.80"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722328/; classtype:trojan-activity;sid:81585428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"222.141.41.74"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722329/; classtype:trojan-activity;sid:81585429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.193.116.157"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722327/; classtype:trojan-activity;sid:81585427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.225.220.171"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722332/; classtype:trojan-activity;sid:81585432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.75.195.227"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722326/; classtype:trojan-activity;sid:81585426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.196.103.45"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722325/; classtype:trojan-activity;sid:81585425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.211.40.82"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722323/; classtype:trojan-activity;sid:81585423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"117.242.209.144"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722324/; classtype:trojan-activity;sid:81585424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.179.13.142"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722322/; classtype:trojan-activity;sid:81585422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"122.3.0.23"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722320/; classtype:trojan-activity;sid:81585420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"123.9.219.238"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722318/; classtype:trojan-activity;sid:81585418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.44.214.204"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722319/; classtype:trojan-activity;sid:81585419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.46.223.84"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722321/; classtype:trojan-activity;sid:81585421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"119.165.147.14"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722317/; classtype:trojan-activity;sid:81585417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"103.97.139.17"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722316/; classtype:trojan-activity;sid:81585416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"113.118.12.17"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722314/; classtype:trojan-activity;sid:81585414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"113.118.132.17"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722315/; classtype:trojan-activity;sid:81585415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.97.102.115"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722313/; classtype:trojan-activity;sid:81585413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.88.232.167"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722311/; classtype:trojan-activity;sid:81585411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"113.92.159.179"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722310/; classtype:trojan-activity;sid:81585410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.51.95.12"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722307/; classtype:trojan-activity;sid:81585407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.55.77.78"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722306/; classtype:trojan-activity;sid:81585406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.58.132.90"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722308/; classtype:trojan-activity;sid:81585408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.59.73.242"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722305/; classtype:trojan-activity;sid:81585405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"200.123.234.72"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722309/; classtype:trojan-activity;sid:81585409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"27.207.64.195"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722304/; classtype:trojan-activity;sid:81585404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"112.252.237.255"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722303/; classtype:trojan-activity;sid:81585403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"42.234.158.230"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722302/; classtype:trojan-activity;sid:81585402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"115.50.39.188"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722301/; classtype:trojan-activity;sid:81585401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hepialidae/paclm/xc1q8x5asvsv6/"; depth:32; endswith; http.host; content:"www.malkaragida.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722300/; classtype:trojan-activity;sid:81585400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"182.117.112.40"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722298/; classtype:trojan-activity;sid:81585398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/sites/kgiiwsby-20461/"; depth:33; endswith; http.host; content:"colegioelshaday.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722299/; classtype:trojan-activity;sid:81585399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"115.56.138.238"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722297/; classtype:trojan-activity;sid:81585397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"111.8.135.179"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722295/; classtype:trojan-activity;sid:81585395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"112.242.163.6"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722294/; classtype:trojan-activity;sid:81585394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"222.137.167.146"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722293/; classtype:trojan-activity;sid:81585393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"182.127.181.87"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722292/; classtype:trojan-activity;sid:81585392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"119.165.3.61"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722291/; classtype:trojan-activity;sid:81585391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.52.100.226"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722290/; classtype:trojan-activity;sid:81585390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.88.29"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722289/; classtype:trojan-activity;sid:81585389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/regency-fireplace/cpvdl/"; depth:25; endswith; http.host; content:"new.gymmuscle.tk"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722288/; classtype:trojan-activity;sid:81585388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/l6ic/"; depth:12; endswith; http.host; content:"cleanmyplace.in"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722287/; classtype:trojan-activity;sid:81585387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.220.254.103"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722285/; classtype:trojan-activity;sid:81585385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.126.195"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722286/; classtype:trojan-activity;sid:81585386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/i/"; depth:15; endswith; http.host; content:"christiansutter.ch"; depth:18; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722284/; classtype:trojan-activity;sid:81585384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.185.231"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722283/; classtype:trojan-activity;sid:81585383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/contact/mgxxx/"; depth:15; endswith; http.host; content:"datainsight.kr"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722282/; classtype:trojan-activity;sid:81585382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.97.170.188"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722281/; classtype:trojan-activity;sid:81585381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ginseng-prices/rnkiio/"; depth:23; endswith; http.host; content:"dinamocs.com.br"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722279/; classtype:trojan-activity;sid:81585379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.234.228.138"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722277/; classtype:trojan-activity;sid:81585377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.94.183.185"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722278/; classtype:trojan-activity;sid:81585378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/3h/"; depth:13; endswith; http.host; content:"myanmarlegalservices.com"; depth:24; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722276/; classtype:trojan-activity;sid:81585376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ontario2.com/rfew/"; depth:19; endswith; http.host; content:"eduma2.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722275/; classtype:trojan-activity;sid:81585375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.234.236.60"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722274/; classtype:trojan-activity;sid:81585374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.216.122.220"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722273/; classtype:trojan-activity;sid:81585373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"39.86.233.224"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722272/; classtype:trojan-activity;sid:81585372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.228.71.73"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722270/; classtype:trojan-activity;sid:81585370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"59.180.149.9"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722271/; classtype:trojan-activity;sid:81585371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.154.143.55"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722267/; classtype:trojan-activity;sid:81585367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"221.215.241.48"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722268/; classtype:trojan-activity;sid:81585368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.215.86.111"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722269/; classtype:trojan-activity;sid:81585369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"59.180.189.201"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722266/; classtype:trojan-activity;sid:81585366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"183.15.120.10"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722262/; classtype:trojan-activity;sid:81585362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"186.29.139.249"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722263/; classtype:trojan-activity;sid:81585363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.141.42.202"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722264/; classtype:trojan-activity;sid:81585364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.202.188.45"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722261/; classtype:trojan-activity;sid:81585361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/sites/44457/wgdzllh/"; depth:29; endswith; http.host; content:"pkk.cilacapkab.go.id"; depth:20; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722265/; classtype:trojan-activity;sid:81585365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.154.120.4"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722260/; classtype:trojan-activity;sid:81585360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.207.221.88"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722258/; classtype:trojan-activity;sid:81585358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/pages/agbfsr5ioob88a/"; depth:30; endswith; http.host; content:"nkvkoilterminal.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722259/; classtype:trojan-activity;sid:81585359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.112.18.169"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722256/; classtype:trojan-activity;sid:81585356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.119.94.66"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722255/; classtype:trojan-activity;sid:81585355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"171.42.161.116"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722253/; classtype:trojan-activity;sid:81585353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.116.108.206"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722254/; classtype:trojan-activity;sid:81585354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.126.117.191"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722252/; classtype:trojan-activity;sid:81585352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"124.107.165.170"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722251/; classtype:trojan-activity;sid:81585351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.222.164.230"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722250/; classtype:trojan-activity;sid:81585350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.222.161.175"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722246/; classtype:trojan-activity;sid:81585346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"120.63.206.41"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722247/; classtype:trojan-activity;sid:81585347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.129.105.114"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722245/; classtype:trojan-activity;sid:81585345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.14.105.51"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722244/; classtype:trojan-activity;sid:81585344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.14.147.69"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722249/; classtype:trojan-activity;sid:81585349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"187.103.82.52"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722248/; classtype:trojan-activity;sid:81585348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.9.199.253"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722243/; classtype:trojan-activity;sid:81585343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"124.163.130.120"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722242/; classtype:trojan-activity;sid:81585342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.56.196.233"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722241/; classtype:trojan-activity;sid:81585341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.96.167.14"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722240/; classtype:trojan-activity;sid:81585340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.54.24.9"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722239/; classtype:trojan-activity;sid:81585339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.123.109.106"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722235/; classtype:trojan-activity;sid:81585335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.30.4.136"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722233/; classtype:trojan-activity;sid:81585333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.50.1.194"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722234/; classtype:trojan-activity;sid:81585334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.99.28.35"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722236/; classtype:trojan-activity;sid:81585336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.99.28.43"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722238/; classtype:trojan-activity;sid:81585338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.99.30.233"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722237/; classtype:trojan-activity;sid:81585337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"111.176.157.90"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722232/; classtype:trojan-activity;sid:81585332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.249.81.183"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722231/; classtype:trojan-activity;sid:81585331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"115.56.129.186"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722230/; classtype:trojan-activity;sid:81585330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"42.235.187.151"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722229/; classtype:trojan-activity;sid:81585329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/rncm/"; depth:17; endswith; http.host; content:"disdik.barrukab.go.id"; depth:21; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722228/; classtype:trojan-activity;sid:81585328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"115.59.210.126"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722227/; classtype:trojan-activity;sid:81585327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"175.210.137.155"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722226/; classtype:trojan-activity;sid:81585326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"42.234.158.230"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722225/; classtype:trojan-activity;sid:81585325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"58.19.162.121"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722223/; classtype:trojan-activity;sid:81585323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.177.77"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722221/; classtype:trojan-activity;sid:81585321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.238.71.254"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722222/; classtype:trojan-activity;sid:81585322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.49.175"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722220/; classtype:trojan-activity;sid:81585320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.59.172.108"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722219/; classtype:trojan-activity;sid:81585319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.1.244.202"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722218/; classtype:trojan-activity;sid:81585318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.59.115.8"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722217/; classtype:trojan-activity;sid:81585317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"219.157.153.10"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722216/; classtype:trojan-activity;sid:81585316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.15.5.48"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722214/; classtype:trojan-activity;sid:81585314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.3.126.204"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722213/; classtype:trojan-activity;sid:81585313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"222.142.207.193"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722212/; classtype:trojan-activity;sid:81585312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.207.204.19"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722215/; classtype:trojan-activity;sid:81585315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"27.216.96.149"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722211/; classtype:trojan-activity;sid:81585311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.77.31.46"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722210/; classtype:trojan-activity;sid:81585310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.4.251.0"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722209/; classtype:trojan-activity;sid:81585309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.14.26.185"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722208/; classtype:trojan-activity;sid:81585308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.9.107.163"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722207/; classtype:trojan-activity;sid:81585307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.113.24.164"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722206/; classtype:trojan-activity;sid:81585306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.13.120.58"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722204/; classtype:trojan-activity;sid:81585304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.45.79.223"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722205/; classtype:trojan-activity;sid:81585305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.127.183.254"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722203/; classtype:trojan-activity;sid:81585303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"125.43.13.125"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722202/; classtype:trojan-activity;sid:81585302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.44.21.162"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722199/; classtype:trojan-activity;sid:81585299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"139.190.238.88"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722200/; classtype:trojan-activity;sid:81585300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.114.87.74"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722201/; classtype:trojan-activity;sid:81585301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.85.110"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722198/; classtype:trojan-activity;sid:81585298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.72.82.33"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722197/; classtype:trojan-activity;sid:81585297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"103.82.184.99"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722195/; classtype:trojan-activity;sid:81585295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.63.178.211"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722196/; classtype:trojan-activity;sid:81585296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"103.35.142.93"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722194/; classtype:trojan-activity;sid:81585294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"115.59.255.24"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722192/; classtype:trojan-activity;sid:81585292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.222.161.206"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722191/; classtype:trojan-activity;sid:81585291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.255.131.126"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722187/; classtype:trojan-activity;sid:81585287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.255.191.71"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722188/; classtype:trojan-activity;sid:81585288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.50.41.121"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722190/; classtype:trojan-activity;sid:81585290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coronapp/scan/87892521373/adk3svscrl-0248027/"; depth:46; endswith; http.host; content:"betaproject.business"; depth:20; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722189/; classtype:trojan-activity;sid:81585289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.242.120.219"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722186/; classtype:trojan-activity;sid:81585286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"182.57.54.248"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722185/; classtype:trojan-activity;sid:81585285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"61.53.148.63"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722184/; classtype:trojan-activity;sid:81585284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.124.168"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722182/; classtype:trojan-activity;sid:81585282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.124.24"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722183/; classtype:trojan-activity;sid:81585283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.124.55"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722181/; classtype:trojan-activity;sid:81585281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.248.199"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722180/; classtype:trojan-activity;sid:81585280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.224.46.78"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722179/; classtype:trojan-activity;sid:81585279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"58.241.58.176"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722178/; classtype:trojan-activity;sid:81585278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"58.143.189.75"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722177/; classtype:trojan-activity;sid:81585277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.65.160.82"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722175/; classtype:trojan-activity;sid:81585275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.231.184.21"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722176/; classtype:trojan-activity;sid:81585276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.99.40.133"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722174/; classtype:trojan-activity;sid:81585274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.223.171.100"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722172/; classtype:trojan-activity;sid:81585272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.88.157.3"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722173/; classtype:trojan-activity;sid:81585273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/produtos/document/71667711574/i7k7ej-0004340/"; depth:46; endswith; http.host; content:"randradeseguros.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722171/; classtype:trojan-activity;sid:81585271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.155.30.107"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722170/; classtype:trojan-activity;sid:81585270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.215.187.160"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722169/; classtype:trojan-activity;sid:81585269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"203.89.97.190"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722168/; classtype:trojan-activity;sid:81585268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.0.244.192"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722167/; classtype:trojan-activity;sid:81585267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"175.147.21.193"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722160/; classtype:trojan-activity;sid:81585260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.121.112.63"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722165/; classtype:trojan-activity;sid:81585265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.126.86.100"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722164/; classtype:trojan-activity;sid:81585264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.127.57.189"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722166/; classtype:trojan-activity;sid:81585266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.140.135.40"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722163/; classtype:trojan-activity;sid:81585263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.194.222.84"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722162/; classtype:trojan-activity;sid:81585262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.219.50.8"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722159/; classtype:trojan-activity;sid:81585259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.220.82.147"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722161/; classtype:trojan-activity;sid:81585261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.189.241.78"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722158/; classtype:trojan-activity;sid:81585258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.211.42.172"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722156/; classtype:trojan-activity;sid:81585256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.222.166.117"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722154/; classtype:trojan-activity;sid:81585254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"123.129.87.254"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722155/; classtype:trojan-activity;sid:81585255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.42.126.72"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722157/; classtype:trojan-activity;sid:81585257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"120.56.114.227"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722153/; classtype:trojan-activity;sid:81585253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.11.174.61"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722151/; classtype:trojan-activity;sid:81585251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.14.203.150"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722150/; classtype:trojan-activity;sid:81585250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.47.90.202"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722152/; classtype:trojan-activity;sid:81585252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"120.56.115.122"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722148/; classtype:trojan-activity;sid:81585248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.43.89.76"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722149/; classtype:trojan-activity;sid:81585249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"116.73.83.181"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722147/; classtype:trojan-activity;sid:81585247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.159.243"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722145/; classtype:trojan-activity;sid:81585245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.221.20.60"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722138/; classtype:trojan-activity;sid:81585238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.62.231"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722142/; classtype:trojan-activity;sid:81585242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.51.120.152"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722141/; classtype:trojan-activity;sid:81585241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.54.207.76"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722139/; classtype:trojan-activity;sid:81585239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.55.131.110"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722144/; classtype:trojan-activity;sid:81585244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"27.207.64.195"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722140/; classtype:trojan-activity;sid:81585240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.234.166.171"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722137/; classtype:trojan-activity;sid:81585237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"103.115.181.62"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722136/; classtype:trojan-activity;sid:81585236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.27.124.125"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722135/; classtype:trojan-activity;sid:81585235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"113.201.219.161"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722134/; classtype:trojan-activity;sid:81585234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.226.4.7"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722131/; classtype:trojan-activity;sid:81585231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.238.83.100"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722132/; classtype:trojan-activity;sid:81585232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.226.93.247"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722128/; classtype:trojan-activity;sid:81585228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.240.250.67"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722129/; classtype:trojan-activity;sid:81585229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"60.211.101.234"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722126/; classtype:trojan-activity;sid:81585226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"200.123.233.0"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722124/; classtype:trojan-activity;sid:81585224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"27.213.94.16"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722123/; classtype:trojan-activity;sid:81585223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"60.243.113.216"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722122/; classtype:trojan-activity;sid:81585222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.236.10"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722121/; classtype:trojan-activity;sid:81585221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"61.163.136.107"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722119/; classtype:trojan-activity;sid:81585219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.24.242"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722118/; classtype:trojan-activity;sid:81585218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.54.78.38"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722120/; classtype:trojan-activity;sid:81585220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"69.196.158.227"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722117/; classtype:trojan-activity;sid:81585217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"59.177.39.121"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722116/; classtype:trojan-activity;sid:81585216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.180.138.240"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722115/; classtype:trojan-activity;sid:81585215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.53.16"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722110/; classtype:trojan-activity;sid:81585210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.84.166"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722113/; classtype:trojan-activity;sid:81585213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.227.240.168"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722109/; classtype:trojan-activity;sid:81585209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.152.27"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722111/; classtype:trojan-activity;sid:81585211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.93.238.83"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722112/; classtype:trojan-activity;sid:81585212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.231.156.22"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722107/; classtype:trojan-activity;sid:81585207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"45.176.108.244"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722108/; classtype:trojan-activity;sid:81585208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.14.164.20"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722105/; classtype:trojan-activity;sid:81585205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.137.164.90"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722106/; classtype:trojan-activity;sid:81585206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.155.22.89"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722099/; classtype:trojan-activity;sid:81585199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.156.99.250"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722102/; classtype:trojan-activity;sid:81585202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.15.86.7"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722104/; classtype:trojan-activity;sid:81585204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.139.118.53"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722103/; classtype:trojan-activity;sid:81585203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.142.202.123"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722101/; classtype:trojan-activity;sid:81585201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.204.238.224"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722100/; classtype:trojan-activity;sid:81585200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.210.234.44"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722097/; classtype:trojan-activity;sid:81585197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.216.119.219"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722098/; classtype:trojan-activity;sid:81585198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.47.201.65"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722096/; classtype:trojan-activity;sid:81585196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.58.218.181"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722094/; classtype:trojan-activity;sid:81585194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"183.92.208.21"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722095/; classtype:trojan-activity;sid:81585195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"119.167.12.95"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722088/; classtype:trojan-activity;sid:81585188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.41.13.186"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722091/; classtype:trojan-activity;sid:81585191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.47.22.72"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722090/; classtype:trojan-activity;sid:81585190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.112.54.57"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722093/; classtype:trojan-activity;sid:81585193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.126.83.114"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722089/; classtype:trojan-activity;sid:81585189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"218.50.65.171"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722092/; classtype:trojan-activity;sid:81585192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"124.135.11.112"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722085/; classtype:trojan-activity;sid:81585185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"115.59.255.24"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722084/; classtype:trojan-activity;sid:81585184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.255.112.138"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722083/; classtype:trojan-activity;sid:81585183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.59.222.117"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722081/; classtype:trojan-activity;sid:81585181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"118.137.5.27"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722080/; classtype:trojan-activity;sid:81585180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"111.92.62.223"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722078/; classtype:trojan-activity;sid:81585178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"117.194.162.242"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722079/; classtype:trojan-activity;sid:81585179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.213.43.147"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722076/; classtype:trojan-activity;sid:81585176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.234.205.124"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722077/; classtype:trojan-activity;sid:81585177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.255.86.71"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722073/; classtype:trojan-activity;sid:81585173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.228.48"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722074/; classtype:trojan-activity;sid:81585174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.5.149.107"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722075/; classtype:trojan-activity;sid:81585175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/invoice/51561835506299413/ytdaksvf/"; depth:42; endswith; http.host; content:"opticaquilin.cl"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722072/; classtype:trojan-activity;sid:81585172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"112.242.62.90"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722071/; classtype:trojan-activity;sid:81585171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"178.205.201.38"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722069/; classtype:trojan-activity;sid:81585169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"60.211.101.234"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722068/; classtype:trojan-activity;sid:81585168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"78.181.149.135"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722067/; classtype:trojan-activity;sid:81585167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.92.180.99"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722066/; classtype:trojan-activity;sid:81585166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.214.88.99"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722065/; classtype:trojan-activity;sid:81585165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.31.66"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722064/; classtype:trojan-activity;sid:81585164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"45.176.110.104"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722063/; classtype:trojan-activity;sid:81585163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.212.74.250"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722062/; classtype:trojan-activity;sid:81585162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.60.93"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722061/; classtype:trojan-activity;sid:81585161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.7.160.183"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722060/; classtype:trojan-activity;sid:81585160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.7.169.69"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722059/; classtype:trojan-activity;sid:81585159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.232.227.156"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722058/; classtype:trojan-activity;sid:81585158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.216.179.144"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722053/; classtype:trojan-activity;sid:81585153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.227.174.159"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722056/; classtype:trojan-activity;sid:81585156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.228.72.176"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722057/; classtype:trojan-activity;sid:81585157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.235.123.16"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722055/; classtype:trojan-activity;sid:81585155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"218.8.83.229"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722052/; classtype:trojan-activity;sid:81585152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.57.162.252"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722051/; classtype:trojan-activity;sid:81585151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.157.137.196"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722050/; classtype:trojan-activity;sid:81585150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.57.86.174"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722047/; classtype:trojan-activity;sid:81585147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"202.67.98.53"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722048/; classtype:trojan-activity;sid:81585148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.137.229.157"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722049/; classtype:trojan-activity;sid:81585149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.157.134.207"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722046/; classtype:trojan-activity;sid:81585146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.138.177.16"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722045/; classtype:trojan-activity;sid:81585145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.15.141.244"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722044/; classtype:trojan-activity;sid:81585144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.66.196"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722043/; classtype:trojan-activity;sid:81585143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"168.205.223.254"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722041/; classtype:trojan-activity;sid:81585141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.112.52.51"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722042/; classtype:trojan-activity;sid:81585142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.77.214"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722040/; classtype:trojan-activity;sid:81585140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.81.111"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722039/; classtype:trojan-activity;sid:81585139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.108.37"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722037/; classtype:trojan-activity;sid:81585137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"42.231.100.69"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722038/; classtype:trojan-activity;sid:81585138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.43.72.12"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722035/; classtype:trojan-activity;sid:81585135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"182.117.49.71"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722034/; classtype:trojan-activity;sid:81585134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.120.54.199"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722036/; classtype:trojan-activity;sid:81585136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.73.70.146"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722033/; classtype:trojan-activity;sid:81585133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.4.81.159"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722032/; classtype:trojan-activity;sid:81585132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.179.40.155"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722029/; classtype:trojan-activity;sid:81585129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.197.175.60"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722031/; classtype:trojan-activity;sid:81585131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"123.11.194.35"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722030/; classtype:trojan-activity;sid:81585130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.11.92.28"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722028/; classtype:trojan-activity;sid:81585128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.97.7.177"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722027/; classtype:trojan-activity;sid:81585127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"117.213.42.5"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722026/; classtype:trojan-activity;sid:81585126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.130.163.68"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722025/; classtype:trojan-activity;sid:81585125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.233.237.186"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722023/; classtype:trojan-activity;sid:81585123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"124.135.182.113"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722024/; classtype:trojan-activity;sid:81585124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.51.111.211"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722021/; classtype:trojan-activity;sid:81585121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"115.98.53.203"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722020/; classtype:trojan-activity;sid:81585120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"114.235.123.149"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722019/; classtype:trojan-activity;sid:81585119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.225.90.82"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722014/; classtype:trojan-activity;sid:81585114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.226.193.84"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722012/; classtype:trojan-activity;sid:81585112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.249.238.166"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722018/; classtype:trojan-activity;sid:81585118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.54.207.209"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722017/; classtype:trojan-activity;sid:81585117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.55.178.192"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722015/; classtype:trojan-activity;sid:81585115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.56.101.0"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722013/; classtype:trojan-activity;sid:81585113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.59.226.178"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722016/; classtype:trojan-activity;sid:81585116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"115.69.106.214"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722011/; classtype:trojan-activity;sid:81585111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"182.122.219.90"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722010/; classtype:trojan-activity;sid:81585110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.52.49.47"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722009/; classtype:trojan-activity;sid:81585109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"85.173.244.176"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722008/; classtype:trojan-activity;sid:81585108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.115.216"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722007/; classtype:trojan-activity;sid:81585107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.137.191.115"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722005/; classtype:trojan-activity;sid:81585105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.116.248"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722003/; classtype:trojan-activity;sid:81585103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backup_sistemas/esp/lxnwosauujjit5q3/"; depth:38; endswith; http.host; content:"ceramicaburguina.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722006/; classtype:trojan-activity;sid:81585106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.187.250.116"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722001/; classtype:trojan-activity;sid:81585101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.86.242.179"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722000/; classtype:trojan-activity;sid:81585100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (722002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.177.38.151"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/722002/; classtype:trojan-activity;sid:81585102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.66.179.245"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721998/; classtype:trojan-activity;sid:81585098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.228.238.178"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721999/; classtype:trojan-activity;sid:81585099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.212.9.113"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721997/; classtype:trojan-activity;sid:81585097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"202.91.90.70"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721996/; classtype:trojan-activity;sid:81585096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.59.115.8"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721995/; classtype:trojan-activity;sid:81585095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"112.242.163.6"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721988/; classtype:trojan-activity;sid:81585088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.59.199.9"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721992/; classtype:trojan-activity;sid:81585092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"210.18.153.3"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721993/; classtype:trojan-activity;sid:81585093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"219.157.41.133"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721991/; classtype:trojan-activity;sid:81585091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.3.24.187"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721989/; classtype:trojan-activity;sid:81585089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.136.89.142"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721990/; classtype:trojan-activity;sid:81585090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.119.180.6"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721987/; classtype:trojan-activity;sid:81585087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"117.194.162.242"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721986/; classtype:trojan-activity;sid:81585086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"171.81.81.245"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721984/; classtype:trojan-activity;sid:81585084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.113.15"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721983/; classtype:trojan-activity;sid:81585083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.127.165.101"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721981/; classtype:trojan-activity;sid:81585081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.127.91.7"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721982/; classtype:trojan-activity;sid:81585082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.194.165.38"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721979/; classtype:trojan-activity;sid:81585079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.149.110"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721978/; classtype:trojan-activity;sid:81585078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.69.102.39"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721976/; classtype:trojan-activity;sid:81585076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.221.250.112"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721975/; classtype:trojan-activity;sid:81585075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.222.167.90"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721974/; classtype:trojan-activity;sid:81585074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.49.4.83"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721971/; classtype:trojan-activity;sid:81585071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.56.167.145"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721972/; classtype:trojan-activity;sid:81585072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.11.161.237"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721973/; classtype:trojan-activity;sid:81585073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.61.108.78"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721969/; classtype:trojan-activity;sid:81585069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/public/2330565049/bllohznhn/"; depth:32; endswith; http.host; content:"reddevil.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721970/; classtype:trojan-activity;sid:81585070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"117.194.164.192"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721968/; classtype:trojan-activity;sid:81585068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"106.0.59.239"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721966/; classtype:trojan-activity;sid:81585066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.132.145.117"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721967/; classtype:trojan-activity;sid:81585067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"219.155.9.254"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721965/; classtype:trojan-activity;sid:81585065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"42.231.100.69"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721964/; classtype:trojan-activity;sid:81585064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"39.73.255.75"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721963/; classtype:trojan-activity;sid:81585063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/u9pcjloefdgxdv/"; depth:25; endswith; http.host; content:"demo1.suhu.site"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721962/; classtype:trojan-activity;sid:81585062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"182.121.145.86"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721961/; classtype:trojan-activity;sid:81585061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.228.237.15"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721960/; classtype:trojan-activity;sid:81585060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"203.251.146.78"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721959/; classtype:trojan-activity;sid:81585059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.180.166.87"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721958/; classtype:trojan-activity;sid:81585058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.97.171.166"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721957/; classtype:trojan-activity;sid:81585057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"182.121.156.192"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721954/; classtype:trojan-activity;sid:81585054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"58.19.149.205"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721953/; classtype:trojan-activity;sid:81585053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.97.169.19"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721955/; classtype:trojan-activity;sid:81585055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.59.58.148"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721951/; classtype:trojan-activity;sid:81585051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"187.103.82.101"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721952/; classtype:trojan-activity;sid:81585052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.156.66.160"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721946/; classtype:trojan-activity;sid:81585046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"222.74.186.174"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721948/; classtype:trojan-activity;sid:81585048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.203.225.146"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721945/; classtype:trojan-activity;sid:81585045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.210.119.80"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721947/; classtype:trojan-activity;sid:81585047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.217.66.109"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721950/; classtype:trojan-activity;sid:81585050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.219.68.139"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721949/; classtype:trojan-activity;sid:81585049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.124.145.64"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721943/; classtype:trojan-activity;sid:81585043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.213.39.109"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721944/; classtype:trojan-activity;sid:81585044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"124.129.226.160"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721942/; classtype:trojan-activity;sid:81585042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"123.5.180.115"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721941/; classtype:trojan-activity;sid:81585041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.14.24.179"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721938/; classtype:trojan-activity;sid:81585038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.41.15.37"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721939/; classtype:trojan-activity;sid:81585039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.116.98.246"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721940/; classtype:trojan-activity;sid:81585040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.42.126.217"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721937/; classtype:trojan-activity;sid:81585037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"150.242.22.116"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721936/; classtype:trojan-activity;sid:81585036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.96.119.240"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721934/; classtype:trojan-activity;sid:81585034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.97.66.191"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721931/; classtype:trojan-activity;sid:81585031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.242.210.158"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721930/; classtype:trojan-activity;sid:81585030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.11.8.188"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721929/; classtype:trojan-activity;sid:81585029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"115.98.53.203"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721926/; classtype:trojan-activity;sid:81585026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.75.213.150"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721928/; classtype:trojan-activity;sid:81585028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.222.163.211"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721927/; classtype:trojan-activity;sid:81585027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"115.49.66.29"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721922/; classtype:trojan-activity;sid:81585022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.211.41.57"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721923/; classtype:trojan-activity;sid:81585023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"117.211.43.10"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721925/; classtype:trojan-activity;sid:81585025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.12.240.168"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721924/; classtype:trojan-activity;sid:81585024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.230.233.155"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721921/; classtype:trojan-activity;sid:81585021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"1.0.135.28"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721920/; classtype:trojan-activity;sid:81585020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.49.25.165"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721919/; classtype:trojan-activity;sid:81585019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.51.88.22"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721918/; classtype:trojan-activity;sid:81585018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"111.92.63.165"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721917/; classtype:trojan-activity;sid:81585017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/index_htm_files/invoice/cbgatur/"; depth:33; endswith; http.host; content:"arquivopop.com.br"; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721916/; classtype:trojan-activity;sid:81585016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"108.170.158.147"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721911/; classtype:trojan-activity;sid:81585011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.225.30.74"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721912/; classtype:trojan-activity;sid:81585012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.242.92.89"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721913/; classtype:trojan-activity;sid:81585013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.54.102.82"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721915/; classtype:trojan-activity;sid:81585015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"125.41.14.24"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721909/; classtype:trojan-activity;sid:81585009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/vko.exe"; depth:12; endswith; http.host; content:"itravel.co.tz"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721910/; classtype:trojan-activity;sid:81585010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/document_o_4100021.doc"; depth:27; endswith; http.host; content:"itravel.co.tz"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721908/; classtype:trojan-activity;sid:81585008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"182.126.116.29"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721907/; classtype:trojan-activity;sid:81585007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"182.121.156.192"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721906/; classtype:trojan-activity;sid:81585006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloadcid=48ada4e22fff3e13|7c|26|7c|resid=48ada4e22fff3e13%21421|7c|26|7c|authkey=acd1sidm8c5fk0y"; depth:100; endswith; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721905/; classtype:trojan-activity;sid:81585005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloadcid=a88c38fdad791818|7c|26|7c|resid=a88c38fdad791818%21106|7c|26|7c|authkey=amah2vr-tz2hepw"; depth:100; endswith; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721904/; classtype:trojan-activity;sid:81585004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ven/octnew_wevcwpwno118.bin"; depth:28; endswith; http.host; content:"trackit.gr"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721901/; classtype:trojan-activity;sid:81585001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"112.123.3.135"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721900/; classtype:trojan-activity;sid:81585000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"203.251.146.78"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721899/; classtype:trojan-activity;sid:81584999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main/mode/vbc.exe"; depth:18; endswith; http.host; content:"kregmartlime.ga"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721898/; classtype:trojan-activity;sid:81584998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"182.122.219.90"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721897/; classtype:trojan-activity;sid:81584997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main/mode/doument_f.doc"; depth:24; endswith; http.host; content:"kregmartlime.ga"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721896/; classtype:trojan-activity;sid:81584996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.228.66.141"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721895/; classtype:trojan-activity;sid:81584995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.187.151"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721894/; classtype:trojan-activity;sid:81584994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.117.160"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721893/; classtype:trojan-activity;sid:81584993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"39.88.131.245"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721890/; classtype:trojan-activity;sid:81584990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.230.96.35"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721889/; classtype:trojan-activity;sid:81584989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"45.248.195.41"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721891/; classtype:trojan-activity;sid:81584991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"61.54.43.204"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721892/; classtype:trojan-activity;sid:81584992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"78.189.94.228"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721888/; classtype:trojan-activity;sid:81584988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.45.240"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721884/; classtype:trojan-activity;sid:81584984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.126.84.230"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721881/; classtype:trojan-activity;sid:81584981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"219.155.97.6"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721879/; classtype:trojan-activity;sid:81584979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.141.78.201"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721885/; classtype:trojan-activity;sid:81584985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.217.187.214"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721880/; classtype:trojan-activity;sid:81584980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.41.97.172"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721883/; classtype:trojan-activity;sid:81584983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.6.187.253"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721882/; classtype:trojan-activity;sid:81584982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.7.104.98"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721886/; classtype:trojan-activity;sid:81584986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"31.163.158.203"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721878/; classtype:trojan-activity;sid:81584978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.129.63.130"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721877/; classtype:trojan-activity;sid:81584977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.213.40.3"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721875/; classtype:trojan-activity;sid:81584975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.130.191.183"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721876/; classtype:trojan-activity;sid:81584976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.44.37.19"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721874/; classtype:trojan-activity;sid:81584974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.47.246.251"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721872/; classtype:trojan-activity;sid:81584972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.116.97.208"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721873/; classtype:trojan-activity;sid:81584973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"117.194.164.192"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721871/; classtype:trojan-activity;sid:81584971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.14.233.21"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721869/; classtype:trojan-activity;sid:81584969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.5.187.6"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721870/; classtype:trojan-activity;sid:81584970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.8.11.147"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721868/; classtype:trojan-activity;sid:81584968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.97.19.15"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721867/; classtype:trojan-activity;sid:81584967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"103.104.59.143"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721865/; classtype:trojan-activity;sid:81584965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.56.202.74"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721863/; classtype:trojan-activity;sid:81584963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.97.30.74"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721862/; classtype:trojan-activity;sid:81584962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.54.40.111"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721859/; classtype:trojan-activity;sid:81584959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.242.211.24"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721857/; classtype:trojan-activity;sid:81584957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.11.13.25"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721856/; classtype:trojan-activity;sid:81584956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.42.122.67"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721853/; classtype:trojan-activity;sid:81584953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.6.186.246"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721852/; classtype:trojan-activity;sid:81584952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.226.78.53"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721854/; classtype:trojan-activity;sid:81584954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.127.73.35"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721851/; classtype:trojan-activity;sid:81584951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.73.46.241"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721850/; classtype:trojan-activity;sid:81584950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.88.1.234"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721849/; classtype:trojan-activity;sid:81584949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nigga.x86"; depth:10; endswith; http.host; content:"45.153.203.197"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721848/; classtype:trojan-activity;sid:81584948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"112.226.103.22"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721847/; classtype:trojan-activity;sid:81584947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"115.49.66.29"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721846/; classtype:trojan-activity;sid:81584946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.97.175.136"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721845/; classtype:trojan-activity;sid:81584945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; http.host; content:"97.68.162.170"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721844/; classtype:trojan-activity;sid:81584944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.235.183.134"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721843/; classtype:trojan-activity;sid:81584943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.84.34"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721842/; classtype:trojan-activity;sid:81584942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.157.62.101"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721841/; classtype:trojan-activity;sid:81584941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.155.226.50"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721840/; classtype:trojan-activity;sid:81584940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.149.26"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721838/; classtype:trojan-activity;sid:81584938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"220.70.70.39"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721837/; classtype:trojan-activity;sid:81584937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.113.3.79"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721836/; classtype:trojan-activity;sid:81584936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"202.83.38.27"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721834/; classtype:trojan-activity;sid:81584934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"41.86.21.38"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721833/; classtype:trojan-activity;sid:81584933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.229.235.5"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721832/; classtype:trojan-activity;sid:81584932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.119.218.142"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721831/; classtype:trojan-activity;sid:81584931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.120.4.134"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721828/; classtype:trojan-activity;sid:81584928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.223.147.251"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721830/; classtype:trojan-activity;sid:81584930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"39.65.138.78"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721829/; classtype:trojan-activity;sid:81584929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"175.197.221.220"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721827/; classtype:trojan-activity;sid:81584927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.4.189.224"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721826/; classtype:trojan-activity;sid:81584926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.4.76.180"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721824/; classtype:trojan-activity;sid:81584924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/852160/nmkyeob-0002597/"; depth:33; endswith; http.host; content:"wisrichgroup.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721825/; classtype:trojan-activity;sid:81584925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.14.236.45"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721822/; classtype:trojan-activity;sid:81584922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.40.145.83"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721823/; classtype:trojan-activity;sid:81584923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"120.59.124.251"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721821/; classtype:trojan-activity;sid:81584921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.222.166.191"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721819/; classtype:trojan-activity;sid:81584919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"120.57.100.215"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721820/; classtype:trojan-activity;sid:81584920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.58.134.31"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721817/; classtype:trojan-activity;sid:81584917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.61.43.75"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721818/; classtype:trojan-activity;sid:81584918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.222.163.215"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721815/; classtype:trojan-activity;sid:81584915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.99.29.72"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721813/; classtype:trojan-activity;sid:81584913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.222.166.112"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721814/; classtype:trojan-activity;sid:81584914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.242.210.72"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721812/; classtype:trojan-activity;sid:81584912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.229.206.63"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721809/; classtype:trojan-activity;sid:81584909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.184.59.143"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721808/; classtype:trojan-activity;sid:81584908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.14.158.102"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721810/; classtype:trojan-activity;sid:81584910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.180.152.47"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721805/; classtype:trojan-activity;sid:81584905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"112.226.103.22"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721804/; classtype:trojan-activity;sid:81584904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.237.81.105"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721803/; classtype:trojan-activity;sid:81584903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.230.176.196"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721801/; classtype:trojan-activity;sid:81584901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.180.165.96"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721799/; classtype:trojan-activity;sid:81584899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/lm/jhyqdialgghu5fm/"; depth:29; endswith; http.host; content:"polyconcontracting.com"; depth:22; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721800/; classtype:trojan-activity;sid:81584900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.35.172.208"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721798/; classtype:trojan-activity;sid:81584898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"219.157.146.166"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721796/; classtype:trojan-activity;sid:81584896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"219.157.28.128"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721795/; classtype:trojan-activity;sid:81584895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"222.134.26.111"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721794/; classtype:trojan-activity;sid:81584894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.193.22.124"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721790/; classtype:trojan-activity;sid:81584890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.223.199.248"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721791/; classtype:trojan-activity;sid:81584891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"36.107.239.29"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721797/; classtype:trojan-activity;sid:81584897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.139.171"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721793/; classtype:trojan-activity;sid:81584893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.22.238"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721792/; classtype:trojan-activity;sid:81584892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.207.205.77"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721789/; classtype:trojan-activity;sid:81584889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"39.79.237.84"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721788/; classtype:trojan-activity;sid:81584888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"125.40.75.139"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721787/; classtype:trojan-activity;sid:81584887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.58.186.63"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721784/; classtype:trojan-activity;sid:81584884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"203.163.244.136"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721786/; classtype:trojan-activity;sid:81584886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"197.232.32.94"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721783/; classtype:trojan-activity;sid:81584883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/tw/"; depth:11; endswith; http.host; content:"virtual-event-service.com"; depth:25; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721781/; classtype:trojan-activity;sid:81584881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/identify-the/im/"; depth:17; endswith; http.host; content:"mahfuzur32785.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721782/; classtype:trojan-activity;sid:81584882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/email.rovonize.com.rovonize.com/m/"; depth:35; endswith; http.host; content:"rovonize.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721780/; classtype:trojan-activity;sid:81584880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.58.203.18"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721779/; classtype:trojan-activity;sid:81584879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.112.2.170"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721777/; classtype:trojan-activity;sid:81584877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.119.10.217"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721776/; classtype:trojan-activity;sid:81584876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.58.137.166"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721774/; classtype:trojan-activity;sid:81584874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.126.91.142"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721773/; classtype:trojan-activity;sid:81584873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.73.81.87"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721771/; classtype:trojan-activity;sid:81584871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.56.141.59"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721768/; classtype:trojan-activity;sid:81584868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.24.75.142"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721770/; classtype:trojan-activity;sid:81584870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.245.173.189"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721766/; classtype:trojan-activity;sid:81584866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.40.114.86"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721765/; classtype:trojan-activity;sid:81584865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.249.81.37"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721760/; classtype:trojan-activity;sid:81584860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.160.114"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721763/; classtype:trojan-activity;sid:81584863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.179.207.109"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721762/; classtype:trojan-activity;sid:81584862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.128.89.84"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721759/; classtype:trojan-activity;sid:81584859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"123.4.80.128"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721761/; classtype:trojan-activity;sid:81584861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"27.194.113.210"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721764/; classtype:trojan-activity;sid:81584864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"39.79.147.105"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721758/; classtype:trojan-activity;sid:81584858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"82.128.141.82"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721756/; classtype:trojan-activity;sid:81584856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"42.227.167.70"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721755/; classtype:trojan-activity;sid:81584855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; http.host; content:"110.14.58.190"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721754/; classtype:trojan-activity;sid:81584854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/inc/brhvkmtu/"; depth:25; endswith; http.host; content:"cranfordtechnologies.co.ke"; depth:26; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721753/; classtype:trojan-activity;sid:81584853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"112.238.100.233"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721749/; classtype:trojan-activity;sid:81584849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.119.138.21"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721751/; classtype:trojan-activity;sid:81584851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.213.143.123"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721748/; classtype:trojan-activity;sid:81584848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.223.230.68"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721750/; classtype:trojan-activity;sid:81584850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.126.217"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721752/; classtype:trojan-activity;sid:81584852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.236.178"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721747/; classtype:trojan-activity;sid:81584847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"177.125.74.86"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721746/; classtype:trojan-activity;sid:81584846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"123.235.233.24"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721744/; classtype:trojan-activity;sid:81584844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"125.130.190.131"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721745/; classtype:trojan-activity;sid:81584845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.50.206.246"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721743/; classtype:trojan-activity;sid:81584843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.41.10.62"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721742/; classtype:trojan-activity;sid:81584842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.117.123.3"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721740/; classtype:trojan-activity;sid:81584840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.52.20.21"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721738/; classtype:trojan-activity;sid:81584838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.58.22.253"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721739/; classtype:trojan-activity;sid:81584839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.46.228.63"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721737/; classtype:trojan-activity;sid:81584837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/esp/q6lso7mp2/r76qawavas41k/"; depth:36; endswith; http.host; content:"cobroagil.com.ec"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721735/; classtype:trojan-activity;sid:81584835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/esp/q6lso7mp2/r76qawavas41k/"; depth:36; endswith; http.host; content:"cobroagil.com.ec"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721736/; classtype:trojan-activity;sid:81584836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"200.123.233.164"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721734/; classtype:trojan-activity;sid:81584834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"27.194.113.210"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721733/; classtype:trojan-activity;sid:81584833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/llc/00925512882079/jmibd5-0004000/"; depth:44; endswith; http.host; content:"divergentcare.co.uk"; depth:19; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721732/; classtype:trojan-activity;sid:81584832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"14.46.190.42"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721731/; classtype:trojan-activity;sid:81584831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.52.187.230"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721730/; classtype:trojan-activity;sid:81584830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.96.36.154"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721728/; classtype:trojan-activity;sid:81584828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"27.194.251.114"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721727/; classtype:trojan-activity;sid:81584827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.234.249.149"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721726/; classtype:trojan-activity;sid:81584826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.137.211.166"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721725/; classtype:trojan-activity;sid:81584825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"222.138.103.111"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721723/; classtype:trojan-activity;sid:81584823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.193.130.138"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721718/; classtype:trojan-activity;sid:81584818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.210.129.54"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721717/; classtype:trojan-activity;sid:81584817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.65.136.231"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721716/; classtype:trojan-activity;sid:81584816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.228.47.43"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721722/; classtype:trojan-activity;sid:81584822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.231.67.243"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721721/; classtype:trojan-activity;sid:81584821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.190.173"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721724/; classtype:trojan-activity;sid:81584824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.59.93.134"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721715/; classtype:trojan-activity;sid:81584815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.157.136.33"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721713/; classtype:trojan-activity;sid:81584813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.112.66.54"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721710/; classtype:trojan-activity;sid:81584810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.121.30.126"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721709/; classtype:trojan-activity;sid:81584809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.56.208.237"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721707/; classtype:trojan-activity;sid:81584807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.59.217.50"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721711/; classtype:trojan-activity;sid:81584811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.65.60"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721704/; classtype:trojan-activity;sid:81584804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.127.211.239"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721705/; classtype:trojan-activity;sid:81584805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"186.28.126.232"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721706/; classtype:trojan-activity;sid:81584806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.162.134.222"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721702/; classtype:trojan-activity;sid:81584802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"120.59.123.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721701/; classtype:trojan-activity;sid:81584801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.75.198.33"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721700/; classtype:trojan-activity;sid:81584800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.202.69.236"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721696/; classtype:trojan-activity;sid:81584796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.14.40.136"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721693/; classtype:trojan-activity;sid:81584793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.7.43.39"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721695/; classtype:trojan-activity;sid:81584795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"125.46.207.201"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721694/; classtype:trojan-activity;sid:81584794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"201.210.254.209"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721692/; classtype:trojan-activity;sid:81584792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.59.197.128"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721691/; classtype:trojan-activity;sid:81584791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.247.190.10"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721690/; classtype:trojan-activity;sid:81584790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.54.200.114"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721689/; classtype:trojan-activity;sid:81584789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.55.189.63"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721688/; classtype:trojan-activity;sid:81584788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.60.201.186"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721687/; classtype:trojan-activity;sid:81584787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.226.226.144"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721684/; classtype:trojan-activity;sid:81584784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.242.146.83"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721683/; classtype:trojan-activity;sid:81584783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.87.102.20"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721686/; classtype:trojan-activity;sid:81584786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.63.181.10"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721681/; classtype:trojan-activity;sid:81584781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.248.18.230"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721680/; classtype:trojan-activity;sid:81584780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.255.154.54"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721679/; classtype:trojan-activity;sid:81584779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/llc/vycj/"; depth:18; endswith; http.host; content:"jebs.net.au"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721677/; classtype:trojan-activity;sid:81584777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.97.169.132"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721675/; classtype:trojan-activity;sid:81584775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.7.102.112"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721674/; classtype:trojan-activity;sid:81584774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.1.157"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721673/; classtype:trojan-activity;sid:81584773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.6.184.111"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721671/; classtype:trojan-activity;sid:81584771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"14.188.82.133"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721669/; classtype:trojan-activity;sid:81584769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.52.211.79"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721670/; classtype:trojan-activity;sid:81584770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/llc/82350520553/tlebx0lmcvs-996/"; depth:37; endswith; http.host; content:"mingo.tv"; depth:8; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721668/; classtype:trojan-activity;sid:81584768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.5.44.99"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721666/; classtype:trojan-activity;sid:81584766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.234.191.3"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721667/; classtype:trojan-activity;sid:81584767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.123.100"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721665/; classtype:trojan-activity;sid:81584765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.223.216.48"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721662/; classtype:trojan-activity;sid:81584762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"221.15.141.244"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721661/; classtype:trojan-activity;sid:81584761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"200.123.232.102"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721660/; classtype:trojan-activity;sid:81584760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.137.79.172"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721659/; classtype:trojan-activity;sid:81584759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.140.134.247"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721658/; classtype:trojan-activity;sid:81584758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.156.101.71"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721656/; classtype:trojan-activity;sid:81584756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"202.83.37.224"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721654/; classtype:trojan-activity;sid:81584754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"220.89.71.36"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721653/; classtype:trojan-activity;sid:81584753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.0.149.189"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721655/; classtype:trojan-activity;sid:81584755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.138.18.198"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721652/; classtype:trojan-activity;sid:81584752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.155.40.175"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721651/; classtype:trojan-activity;sid:81584751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"223.13.87.232"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721650/; classtype:trojan-activity;sid:81584750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"60.243.122.86"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721648/; classtype:trojan-activity;sid:81584748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"118.79.208.156"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721647/; classtype:trojan-activity;sid:81584747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.113.15.105"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721646/; classtype:trojan-activity;sid:81584746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.99.248.114"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721645/; classtype:trojan-activity;sid:81584745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.11.15.208"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721641/; classtype:trojan-activity;sid:81584741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.92.56"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721642/; classtype:trojan-activity;sid:81584742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.234.13.90"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721639/; classtype:trojan-activity;sid:81584739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"123.234.197.165"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721636/; classtype:trojan-activity;sid:81584736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.116.108.201"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721638/; classtype:trojan-activity;sid:81584738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"111.92.52.219"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721635/; classtype:trojan-activity;sid:81584735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"110.253.219.36"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721629/; classtype:trojan-activity;sid:81584729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.255.108.172"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721633/; classtype:trojan-activity;sid:81584733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.58.88.205"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721630/; classtype:trojan-activity;sid:81584730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.61.104.179"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721632/; classtype:trojan-activity;sid:81584732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.97.80.169"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721631/; classtype:trojan-activity;sid:81584731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gm-trouble/s/"; depth:14; endswith; http.host; content:"colegiodecomunicadoressocialesdelguayas.com"; depth:43; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721628/; classtype:trojan-activity;sid:81584728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/presta/u3u/"; depth:12; endswith; http.host; content:"prodominiospruebas.tk"; depth:21; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721626/; classtype:trojan-activity;sid:81584726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parting-out/1mi/"; depth:17; endswith; http.host; content:"affiliateking.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721625/; classtype:trojan-activity;sid:81584725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"123.14.192.178"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721620/; classtype:trojan-activity;sid:81584720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.99.40.98"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721617/; classtype:trojan-activity;sid:81584717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.156.101.166"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721618/; classtype:trojan-activity;sid:81584718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.118.197"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721616/; classtype:trojan-activity;sid:81584716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.72.51"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721615/; classtype:trojan-activity;sid:81584715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"60.208.150.94"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721613/; classtype:trojan-activity;sid:81584713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"60.211.110.225"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721611/; classtype:trojan-activity;sid:81584711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"70.44.225.218"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721614/; classtype:trojan-activity;sid:81584714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"69.10.193.239"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721610/; classtype:trojan-activity;sid:81584710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.229.239.32"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721609/; classtype:trojan-activity;sid:81584709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.222.80.112"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721608/; classtype:trojan-activity;sid:81584708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.225.3.38"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721607/; classtype:trojan-activity;sid:81584707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"119.56.142.35"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721606/; classtype:trojan-activity;sid:81584706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.233.101.166"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721605/; classtype:trojan-activity;sid:81584705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.222.77.200"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721600/; classtype:trojan-activity;sid:81584700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.73.237.179"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721598/; classtype:trojan-activity;sid:81584698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.83.41.93"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721604/; classtype:trojan-activity;sid:81584704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.226.91.118"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721599/; classtype:trojan-activity;sid:81584699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.234.228.122"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721602/; classtype:trojan-activity;sid:81584702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.235.71.194"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721603/; classtype:trojan-activity;sid:81584703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.156.11.25"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721597/; classtype:trojan-activity;sid:81584697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.15.238.248"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721596/; classtype:trojan-activity;sid:81584696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"222.137.120.202"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721594/; classtype:trojan-activity;sid:81584694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.140.183.181"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721595/; classtype:trojan-activity;sid:81584695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.116.99.240"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721593/; classtype:trojan-activity;sid:81584693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.120.55.146"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721590/; classtype:trojan-activity;sid:81584690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.119.203.169"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721586/; classtype:trojan-activity;sid:81584686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"222.137.122.127"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721588/; classtype:trojan-activity;sid:81584688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.206.245.29"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721589/; classtype:trojan-activity;sid:81584689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.59.196.63"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721583/; classtype:trojan-activity;sid:81584683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.129.88.4"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721584/; classtype:trojan-activity;sid:81584684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.99.204.209"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721577/; classtype:trojan-activity;sid:81584677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"119.180.69.75"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721580/; classtype:trojan-activity;sid:81584680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.9.244.187"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721581/; classtype:trojan-activity;sid:81584681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"125.45.40.248"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721579/; classtype:trojan-activity;sid:81584679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.113.204.28"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721582/; classtype:trojan-activity;sid:81584682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.116.72.167"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721576/; classtype:trojan-activity;sid:81584676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.201.20.244"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721574/; classtype:trojan-activity;sid:81584674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"106.0.59.32"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721572/; classtype:trojan-activity;sid:81584672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.226.203.4"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721571/; classtype:trojan-activity;sid:81584671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.248.58.46"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721569/; classtype:trojan-activity;sid:81584669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.93.17.215"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721573/; classtype:trojan-activity;sid:81584673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"110.230.64.101"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721567/; classtype:trojan-activity;sid:81584667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.144.45"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721566/; classtype:trojan-activity;sid:81584666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.121.111"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721568/; classtype:trojan-activity;sid:81584668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/lm/gnwzpm/"; depth:20; endswith; http.host; content:"www.meuvoto2020.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721565/; classtype:trojan-activity;sid:81584665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/payment/xt0ym380-080069/"; depth:33; endswith; http.host; content:"etkinlikraporu.org"; depth:18; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721563/; classtype:trojan-activity;sid:81584663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.97.174.134"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721562/; classtype:trojan-activity;sid:81584662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.99.41.172"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721561/; classtype:trojan-activity;sid:81584661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.230.177.164"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721560/; classtype:trojan-activity;sid:81584660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.0.126.198"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721559/; classtype:trojan-activity;sid:81584659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.140.185.208"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721554/; classtype:trojan-activity;sid:81584654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.210.146.180"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721557/; classtype:trojan-activity;sid:81584657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.218.255.31"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721553/; classtype:trojan-activity;sid:81584653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"39.73.69.29"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721552/; classtype:trojan-activity;sid:81584652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"39.86.7.103"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721555/; classtype:trojan-activity;sid:81584655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"39.89.240.58"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721556/; classtype:trojan-activity;sid:81584656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.250.60"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721558/; classtype:trojan-activity;sid:81584658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.207.192.15"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721550/; classtype:trojan-activity;sid:81584650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.59.212.25"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721549/; classtype:trojan-activity;sid:81584649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"180.104.72.144"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721548/; classtype:trojan-activity;sid:81584648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.47.246.21"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721544/; classtype:trojan-activity;sid:81584644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.119.95.7"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721546/; classtype:trojan-activity;sid:81584646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.59.226.151"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721547/; classtype:trojan-activity;sid:81584647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"190.58.55.192"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721545/; classtype:trojan-activity;sid:81584645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.43.112.123"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721540/; classtype:trojan-activity;sid:81584640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.44.214.206"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721543/; classtype:trojan-activity;sid:81584643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.116.74.108"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721541/; classtype:trojan-activity;sid:81584641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"219.154.120.4"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721542/; classtype:trojan-activity;sid:81584642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.194.163.129"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721537/; classtype:trojan-activity;sid:81584637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.36.24.53"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721536/; classtype:trojan-activity;sid:81584636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.12.241.190"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721535/; classtype:trojan-activity;sid:81584635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.5.185.227"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721534/; classtype:trojan-activity;sid:81584634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.40.151.5"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721533/; classtype:trojan-activity;sid:81584633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.154.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721532/; classtype:trojan-activity;sid:81584632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.242.93.160"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721530/; classtype:trojan-activity;sid:81584630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"113.237.9.42"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721531/; classtype:trojan-activity;sid:81584631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.145.210"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721528/; classtype:trojan-activity;sid:81584628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.99.29.16"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721529/; classtype:trojan-activity;sid:81584629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"103.73.155.19"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721527/; classtype:trojan-activity;sid:81584627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.254.37"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721526/; classtype:trojan-activity;sid:81584626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"103.35.142.86"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721523/; classtype:trojan-activity;sid:81584623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.87.224.108"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721522/; classtype:trojan-activity;sid:81584622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.89.124.13"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721520/; classtype:trojan-activity;sid:81584620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.58.135.118"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721524/; classtype:trojan-activity;sid:81584624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.61.139.254"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721521/; classtype:trojan-activity;sid:81584621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.97.64.184"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721525/; classtype:trojan-activity;sid:81584625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m+-o+/tmp/netgear|7c|3b|7c|sh+netgear|7c|26|7c|curpath=/|7c|26|7c|currentsetting.htm=1"; depth:92; endswith; http.host; content:"182.114.87.227"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721519/; classtype:trojan-activity;sid:81584619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morgan-stanley/report/660917227716827/xaffgkl/"; depth:47; endswith; http.host; content:"britocapelo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721518/; classtype:trojan-activity;sid:81584618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"59.30.12.254"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721517/; classtype:trojan-activity;sid:81584617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"123.14.192.178"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721516/; classtype:trojan-activity;sid:81584616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.5.47.85"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721513/; classtype:trojan-activity;sid:81584613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.77.12.207"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721512/; classtype:trojan-activity;sid:81584612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.234.104.105"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721514/; classtype:trojan-activity;sid:81584614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.233.159.59"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721511/; classtype:trojan-activity;sid:81584611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.236.213.33"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721510/; classtype:trojan-activity;sid:81584610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"77.43.186.242"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721509/; classtype:trojan-activity;sid:81584609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.74.129"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721508/; classtype:trojan-activity;sid:81584608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.123.232.205"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721507/; classtype:trojan-activity;sid:81584607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.13.19"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721506/; classtype:trojan-activity;sid:81584606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.45.67.203"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721502/; classtype:trojan-activity;sid:81584602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.112.222.176"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721503/; classtype:trojan-activity;sid:81584603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"219.154.105.173"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721505/; classtype:trojan-activity;sid:81584605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.202.67.248"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721501/; classtype:trojan-activity;sid:81584601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.220.77.71"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721504/; classtype:trojan-activity;sid:81584604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"69.10.193.239"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721500/; classtype:trojan-activity;sid:81584600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"120.59.121.98"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721499/; classtype:trojan-activity;sid:81584599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.9.198.176"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721497/; classtype:trojan-activity;sid:81584597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"124.135.69.223"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721496/; classtype:trojan-activity;sid:81584596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/installa.dll"; depth:13; endswith; http.host; content:"linksystems.casa"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721495/; classtype:trojan-activity;sid:81584595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"116.2.95.134"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721494/; classtype:trojan-activity;sid:81584594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"103.223.12.111"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721491/; classtype:trojan-activity;sid:81584591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.252.197.12"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721492/; classtype:trojan-activity;sid:81584592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"104.158.61.214"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721486/; classtype:trojan-activity;sid:81584586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"110.157.223.200"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721487/; classtype:trojan-activity;sid:81584587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.225.174.147"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721485/; classtype:trojan-activity;sid:81584585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.255.233.125"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721488/; classtype:trojan-activity;sid:81584588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.226.136.240"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721483/; classtype:trojan-activity;sid:81584583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.242.243.170"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721484/; classtype:trojan-activity;sid:81584584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"59.99.43.111"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721482/; classtype:trojan-activity;sid:81584582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.89.219.17"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721478/; classtype:trojan-activity;sid:81584578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.168.184"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721477/; classtype:trojan-activity;sid:81584577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.116.155"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721476/; classtype:trojan-activity;sid:81584576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; http.host; content:"65.49.123.104"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721475/; classtype:trojan-activity;sid:81584575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"222.138.224.228"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721474/; classtype:trojan-activity;sid:81584574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.202.158.223"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721472/; classtype:trojan-activity;sid:81584572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"221.0.96.149"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721469/; classtype:trojan-activity;sid:81584569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.86.64.49"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721470/; classtype:trojan-activity;sid:81584570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.126.87.174"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721467/; classtype:trojan-activity;sid:81584567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"171.119.197.255"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721464/; classtype:trojan-activity;sid:81584564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.116.105.252"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721463/; classtype:trojan-activity;sid:81584563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.116.107.133"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721461/; classtype:trojan-activity;sid:81584561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.42.123"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721466/; classtype:trojan-activity;sid:81584566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.121.145.86"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721460/; classtype:trojan-activity;sid:81584560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.122.200.178"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721462/; classtype:trojan-activity;sid:81584562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.178.250.149"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721458/; classtype:trojan-activity;sid:81584558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.187.224.250"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721457/; classtype:trojan-activity;sid:81584557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.44.47.186"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721453/; classtype:trojan-activity;sid:81584553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.45.56.85"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721454/; classtype:trojan-activity;sid:81584554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.47.68.154"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721456/; classtype:trojan-activity;sid:81584556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.112.75.9"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721449/; classtype:trojan-activity;sid:81584549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"103.210.41.187"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721448/; classtype:trojan-activity;sid:81584548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.30.4.84"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721444/; classtype:trojan-activity;sid:81584544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.56.131.170"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721447/; classtype:trojan-activity;sid:81584547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.56.148.65"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721446/; classtype:trojan-activity;sid:81584546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"182.114.17.203"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721443/; classtype:trojan-activity;sid:81584543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"110.157.223.200"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721441/; classtype:trojan-activity;sid:81584541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.73.81.144"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721442/; classtype:trojan-activity;sid:81584542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"116.24.83.160"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721440/; classtype:trojan-activity;sid:81584540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"186.150.209.225"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721439/; classtype:trojan-activity;sid:81584539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"59.30.12.254"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721437/; classtype:trojan-activity;sid:81584537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.211.58.109"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721435/; classtype:trojan-activity;sid:81584535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"115.56.152.87"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721429/; classtype:trojan-activity;sid:81584529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.78.111.221"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721427/; classtype:trojan-activity;sid:81584527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.88.166.18"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721426/; classtype:trojan-activity;sid:81584526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"41.86.18.151"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721428/; classtype:trojan-activity;sid:81584528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"46.201.26.130"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721425/; classtype:trojan-activity;sid:81584525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"59.97.174.62"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721430/; classtype:trojan-activity;sid:81584530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.90.161.243"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721423/; classtype:trojan-activity;sid:81584523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.228.40.171"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721424/; classtype:trojan-activity;sid:81584524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.233.157.75"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721422/; classtype:trojan-activity;sid:81584522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.16.197.14"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721421/; classtype:trojan-activity;sid:81584521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"211.237.120.206"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721419/; classtype:trojan-activity;sid:81584519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.14.167.24"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721418/; classtype:trojan-activity;sid:81584518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"221.0.242.34"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721417/; classtype:trojan-activity;sid:81584517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"223.13.59.172"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721416/; classtype:trojan-activity;sid:81584516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.155.29.73"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721415/; classtype:trojan-activity;sid:81584515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.155.97.6"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721413/; classtype:trojan-activity;sid:81584513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.106.45"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721410/; classtype:trojan-activity;sid:81584510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"124.131.131.82"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721404/; classtype:trojan-activity;sid:81584504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.116.116.27"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721403/; classtype:trojan-activity;sid:81584503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.41.71"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721409/; classtype:trojan-activity;sid:81584509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.119.229.192"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721406/; classtype:trojan-activity;sid:81584506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.124.211.89"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721408/; classtype:trojan-activity;sid:81584508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"200.123.233.10"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721405/; classtype:trojan-activity;sid:81584505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"119.108.180.142"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721399/; classtype:trojan-activity;sid:81584499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.56.144.98"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721400/; classtype:trojan-activity;sid:81584500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.10.2.130"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721397/; classtype:trojan-activity;sid:81584497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.134.51.47"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721395/; classtype:trojan-activity;sid:81584495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"124.135.180.108"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721394/; classtype:trojan-activity;sid:81584494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.112.22.61"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721396/; classtype:trojan-activity;sid:81584496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/parts_service/40677/f6pkh-0676427/"; depth:43; endswith; http.host; content:"testsite.muchscu.org"; depth:20; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721398/; classtype:trojan-activity;sid:81584498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"103.110.126.75"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721392/; classtype:trojan-activity;sid:81584492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.237.62.190"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721391/; classtype:trojan-activity;sid:81584491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.194.163.184"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721389/; classtype:trojan-activity;sid:81584489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"117.202.68.19"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721388/; classtype:trojan-activity;sid:81584488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.102.100.249"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721386/; classtype:trojan-activity;sid:81584486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.253.196"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721385/; classtype:trojan-activity;sid:81584485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.51.105.183"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721384/; classtype:trojan-activity;sid:81584484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.56.130.108"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721383/; classtype:trojan-activity;sid:81584483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/parts_service/37726535495970/24hrs-00985/"; depth:45; endswith; http.host; content:"jumpgood.digital"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721380/; classtype:trojan-activity;sid:81584480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.92.181.150"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721377/; classtype:trojan-activity;sid:81584477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.119.122"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721376/; classtype:trojan-activity;sid:81584476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.127.157"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721378/; classtype:trojan-activity;sid:81584478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.227.167.201"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721374/; classtype:trojan-activity;sid:81584474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.230.90.219"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721375/; classtype:trojan-activity;sid:81584475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.227.158.239"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721373/; classtype:trojan-activity;sid:81584473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.214.205.218"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721372/; classtype:trojan-activity;sid:81584472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"218.56.225.105"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721370/; classtype:trojan-activity;sid:81584470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.154.98.159"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721371/; classtype:trojan-activity;sid:81584471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.41.212.109"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721369/; classtype:trojan-activity;sid:81584469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.65.232.186"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721367/; classtype:trojan-activity;sid:81584467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"115.54.96.196"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721366/; classtype:trojan-activity;sid:81584466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.154.107.151"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721364/; classtype:trojan-activity;sid:81584464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"221.15.255.194"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721361/; classtype:trojan-activity;sid:81584461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.3.125.41"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721360/; classtype:trojan-activity;sid:81584460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.137.160.32"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721362/; classtype:trojan-activity;sid:81584462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.74.51.223"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721365/; classtype:trojan-activity;sid:81584465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.112.29.177"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721359/; classtype:trojan-activity;sid:81584459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.112.66.54"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721358/; classtype:trojan-activity;sid:81584458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.117.28.91"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721355/; classtype:trojan-activity;sid:81584455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.119.54.164"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721353/; classtype:trojan-activity;sid:81584453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.216.93"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721354/; classtype:trojan-activity;sid:81584454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.124.115.202"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721357/; classtype:trojan-activity;sid:81584457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.126.116.212"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721356/; classtype:trojan-activity;sid:81584456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.47.89.217"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721350/; classtype:trojan-activity;sid:81584450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"123.234.188.104"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721349/; classtype:trojan-activity;sid:81584449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"122.202.50.76"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721347/; classtype:trojan-activity;sid:81584447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"118.212.117.61"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721346/; classtype:trojan-activity;sid:81584446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.166.148.28"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721344/; classtype:trojan-activity;sid:81584444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"119.189.254.121"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721341/; classtype:trojan-activity;sid:81584441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"123.11.232.226"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721343/; classtype:trojan-activity;sid:81584443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.5.199.164"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721345/; classtype:trojan-activity;sid:81584445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"124.131.92.169"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721339/; classtype:trojan-activity;sid:81584439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.47.46.70"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721340/; classtype:trojan-activity;sid:81584440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.1.29"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721336/; classtype:trojan-activity;sid:81584436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"106.59.196.180"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721335/; classtype:trojan-activity;sid:81584435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.153.255"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721330/; classtype:trojan-activity;sid:81584430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.49.72.105"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721329/; classtype:trojan-activity;sid:81584429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.61.102.125"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721331/; classtype:trojan-activity;sid:81584431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.58.133.255"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721327/; classtype:trojan-activity;sid:81584427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.sakura"; depth:15; endswith; http.host; content:"107.174.76.235"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721324/; classtype:trojan-activity;sid:81584424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"112.252.238.97"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721322/; classtype:trojan-activity;sid:81584422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.sakura"; depth:14; endswith; http.host; content:"107.174.76.235"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721321/; classtype:trojan-activity;sid:81584421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.235.136.19"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721314/; classtype:trojan-activity;sid:81584414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"45.176.111.239"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721315/; classtype:trojan-activity;sid:81584415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.99.40.253"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721312/; classtype:trojan-activity;sid:81584412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"60.13.60.215"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721317/; classtype:trojan-activity;sid:81584417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.211.91.26"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721318/; classtype:trojan-activity;sid:81584418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"61.53.253.170"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721311/; classtype:trojan-activity;sid:81584411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.219.5.117"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721308/; classtype:trojan-activity;sid:81584408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.41.183.89"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721307/; classtype:trojan-activity;sid:81584407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.65.88.39"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721304/; classtype:trojan-activity;sid:81584404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.74.147.54"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721306/; classtype:trojan-activity;sid:81584406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"39.79.7.176"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721303/; classtype:trojan-activity;sid:81584403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.87.18.134"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721305/; classtype:trojan-activity;sid:81584405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.88.175.166"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721302/; classtype:trojan-activity;sid:81584402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.217.196.3"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721300/; classtype:trojan-activity;sid:81584400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"39.89.103.52"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721301/; classtype:trojan-activity;sid:81584401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.15.171.225"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721298/; classtype:trojan-activity;sid:81584398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.138.176.231"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721297/; classtype:trojan-activity;sid:81584397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.138.213.127"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721299/; classtype:trojan-activity;sid:81584399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.ghoul"; depth:13; endswith; http.host; content:"107.172.110.200"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721295/; classtype:trojan-activity;sid:81584395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.sakura"; depth:14; endswith; http.host; content:"107.174.76.235"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721296/; classtype:trojan-activity;sid:81584396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.194.112.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721291/; classtype:trojan-activity;sid:81584391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; http.host; content:"107.174.76.235"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721290/; classtype:trojan-activity;sid:81584390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"200.107.118.137"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721289/; classtype:trojan-activity;sid:81584389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.142.222.136"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721288/; classtype:trojan-activity;sid:81584388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"24.50.34.150"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721285/; classtype:trojan-activity;sid:81584385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.216.22.114"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721287/; classtype:trojan-activity;sid:81584387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"181.199.162.243"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721283/; classtype:trojan-activity;sid:81584383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.58.235.72"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721282/; classtype:trojan-activity;sid:81584382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.112.68.169"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721281/; classtype:trojan-activity;sid:81584381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.112.52.129"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721279/; classtype:trojan-activity;sid:81584379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.120.52.226"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721280/; classtype:trojan-activity;sid:81584380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"124.135.169.230"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721278/; classtype:trojan-activity;sid:81584378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"117.63.158.39"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721277/; classtype:trojan-activity;sid:81584377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.11.174.139"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721272/; classtype:trojan-activity;sid:81584372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.4.65.92"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721275/; classtype:trojan-activity;sid:81584375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.4.78.160"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721273/; classtype:trojan-activity;sid:81584373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.41.97.126"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721274/; classtype:trojan-activity;sid:81584374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.14.70.97"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721268/; classtype:trojan-activity;sid:81584368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.47.244.140"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721271/; classtype:trojan-activity;sid:81584371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"181.174.0.228"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721269/; classtype:trojan-activity;sid:81584369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"106.0.56.105"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721266/; classtype:trojan-activity;sid:81584366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"103.69.46.133"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721264/; classtype:trojan-activity;sid:81584364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.229.218.69"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721265/; classtype:trojan-activity;sid:81584365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"117.20.243.40"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721262/; classtype:trojan-activity;sid:81584362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.108.19"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721261/; classtype:trojan-activity;sid:81584361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.194.162.203"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721260/; classtype:trojan-activity;sid:81584360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.202.67.215"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721259/; classtype:trojan-activity;sid:81584359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"117.222.167.65"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721258/; classtype:trojan-activity;sid:81584358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"111.160.112.142"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721256/; classtype:trojan-activity;sid:81584356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.56.147.198"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721255/; classtype:trojan-activity;sid:81584355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.59.201.15"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721254/; classtype:trojan-activity;sid:81584354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"210.7.21.172"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721251/; classtype:trojan-activity;sid:81584351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.154.114.162"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721248/; classtype:trojan-activity;sid:81584348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"58.143.198.47"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721249/; classtype:trojan-activity;sid:81584349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.120.50.1"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721245/; classtype:trojan-activity;sid:81584345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.180.190.138"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721246/; classtype:trojan-activity;sid:81584346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.118.206"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721247/; classtype:trojan-activity;sid:81584347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.ghoul"; depth:14; endswith; http.host; content:"107.172.110.200"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721242/; classtype:trojan-activity;sid:81584342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.sakura"; depth:15; endswith; http.host; content:"107.174.76.235"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721240/; classtype:trojan-activity;sid:81584340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; http.host; content:"107.174.76.235"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721241/; classtype:trojan-activity;sid:81584341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.sakura"; depth:14; endswith; http.host; content:"107.174.76.235"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721238/; classtype:trojan-activity;sid:81584338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e5db0e07c3d7be80v201007/update.sh"; depth:34; endswith; http.host; content:"45.9.148.37"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721236/; classtype:trojan-activity;sid:81584336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/payment/wrm6u988-645608/"; depth:33; endswith; http.host; content:"spaziovigoni.it"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721231/; classtype:trojan-activity;sid:81584331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.sakura"; depth:15; endswith; http.host; content:"107.174.76.235"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721230/; classtype:trojan-activity;sid:81584330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.ghoul"; depth:14; endswith; http.host; content:"107.172.110.200"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721226/; classtype:trojan-activity;sid:81584326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.sakura"; depth:15; endswith; http.host; content:"107.174.76.235"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721228/; classtype:trojan-activity;sid:81584328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.sakura"; depth:15; endswith; http.host; content:"107.174.76.235"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721225/; classtype:trojan-activity;sid:81584325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.sakura"; depth:15; endswith; http.host; content:"107.174.76.235"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721229/; classtype:trojan-activity;sid:81584329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.sakura"; depth:14; endswith; http.host; content:"107.174.76.235"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721227/; classtype:trojan-activity;sid:81584327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"27.215.211.242"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721224/; classtype:trojan-activity;sid:81584324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"45.176.111.169"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721223/; classtype:trojan-activity;sid:81584323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.140.164.106"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721222/; classtype:trojan-activity;sid:81584322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.65.140.230"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721218/; classtype:trojan-activity;sid:81584318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"58.212.59.53"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721221/; classtype:trojan-activity;sid:81584321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.208.150.94"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721219/; classtype:trojan-activity;sid:81584319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"221.15.63.20"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721215/; classtype:trojan-activity;sid:81584315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.210.164.249"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721213/; classtype:trojan-activity;sid:81584313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.216.214.240"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721214/; classtype:trojan-activity;sid:81584314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.222.142.87"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721217/; classtype:trojan-activity;sid:81584317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.44.226.91"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721209/; classtype:trojan-activity;sid:81584309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.46.197.236"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721211/; classtype:trojan-activity;sid:81584311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.113.200.55"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721210/; classtype:trojan-activity;sid:81584310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.119.15.251"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721207/; classtype:trojan-activity;sid:81584307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.127.91.7"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721208/; classtype:trojan-activity;sid:81584308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.43.93.11"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721204/; classtype:trojan-activity;sid:81584304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.112.50.2"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721205/; classtype:trojan-activity;sid:81584305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.127.139.6"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721206/; classtype:trojan-activity;sid:81584306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.61.104.17"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721201/; classtype:trojan-activity;sid:81584301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.165.78.123"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721200/; classtype:trojan-activity;sid:81584300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.11.169.230"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721197/; classtype:trojan-activity;sid:81584297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.235.254.7"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721196/; classtype:trojan-activity;sid:81584296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.4.223.97"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721194/; classtype:trojan-activity;sid:81584294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.4.74.7"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721198/; classtype:trojan-activity;sid:81584298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.42.123.185"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721195/; classtype:trojan-activity;sid:81584295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.51.107.163"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721193/; classtype:trojan-activity;sid:81584293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.20.122.10"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721192/; classtype:trojan-activity;sid:81584292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.170.110"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721189/; classtype:trojan-activity;sid:81584289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.57.107"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721190/; classtype:trojan-activity;sid:81584290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.55.141.7"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721188/; classtype:trojan-activity;sid:81584288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"125.40.11.30"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721185/; classtype:trojan-activity;sid:81584285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"112.252.238.97"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721184/; classtype:trojan-activity;sid:81584284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/llc/082703/d2fw5b27sa-177/"; depth:30; endswith; http.host; content:"merkur.mk"; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721183/; classtype:trojan-activity;sid:81584283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"112.254.192.187"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721181/; classtype:trojan-activity;sid:81584281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.sh"; depth:10; endswith; http.host; content:"107.174.76.235"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721177/; classtype:trojan-activity;sid:81584277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"211.26.10.49"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721176/; classtype:trojan-activity;sid:81584276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.214.77.37"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721175/; classtype:trojan-activity;sid:81584275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.27.118.21"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721172/; classtype:trojan-activity;sid:81584272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"88.248.97.31"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721173/; classtype:trojan-activity;sid:81584273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.52.211.75"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721171/; classtype:trojan-activity;sid:81584271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"94.17.41.217"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721170/; classtype:trojan-activity;sid:81584270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.94.183.45"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721168/; classtype:trojan-activity;sid:81584268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/4jgetkn/aiza/75992411153245302/2tx47mr-00012602/"; depth:52; endswith; http.host; content:"jobsrev.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721169/; classtype:trojan-activity;sid:81584269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.170.166.189"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721166/; classtype:trojan-activity;sid:81584266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"60.214.49.212"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721165/; classtype:trojan-activity;sid:81584265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.209.65.54"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721163/; classtype:trojan-activity;sid:81584263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.221.241.109"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721162/; classtype:trojan-activity;sid:81584262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"39.74.52.178"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721161/; classtype:trojan-activity;sid:81584261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.82.207"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721164/; classtype:trojan-activity;sid:81584264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.204.73"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721159/; classtype:trojan-activity;sid:81584259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"219.157.27.225"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721158/; classtype:trojan-activity;sid:81584258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.124.38.149"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721156/; classtype:trojan-activity;sid:81584256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.215.241.34"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721154/; classtype:trojan-activity;sid:81584254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.184.216.159"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721155/; classtype:trojan-activity;sid:81584255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.119.123.5"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721152/; classtype:trojan-activity;sid:81584252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.119.166.2"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721153/; classtype:trojan-activity;sid:81584253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.157.223.158"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721151/; classtype:trojan-activity;sid:81584251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.30.226"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721150/; classtype:trojan-activity;sid:81584250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"185.226.90.141"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721148/; classtype:trojan-activity;sid:81584248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.194.114.243"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721149/; classtype:trojan-activity;sid:81584249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.177.109.17"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721147/; classtype:trojan-activity;sid:81584247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"14.40.34.132"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721146/; classtype:trojan-activity;sid:81584246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.130.56.242"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721145/; classtype:trojan-activity;sid:81584245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.43.113.75"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721144/; classtype:trojan-activity;sid:81584244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.112.55.153"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721143/; classtype:trojan-activity;sid:81584243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"120.59.126.253"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721142/; classtype:trojan-activity;sid:81584242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.41.136.251"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721141/; classtype:trojan-activity;sid:81584241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.73.96.112"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721139/; classtype:trojan-activity;sid:81584239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"113.88.36.148"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721137/; classtype:trojan-activity;sid:81584237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.73.67.61"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721138/; classtype:trojan-activity;sid:81584238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.116.206.50"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721135/; classtype:trojan-activity;sid:81584235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.230.119"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721132/; classtype:trojan-activity;sid:81584232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.48.187"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721134/; classtype:trojan-activity;sid:81584234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.55.95.239"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721133/; classtype:trojan-activity;sid:81584233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.194.163.55"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721136/; classtype:trojan-activity;sid:81584236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"111.38.123.158"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721131/; classtype:trojan-activity;sid:81584231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.240.254.171"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721130/; classtype:trojan-activity;sid:81584230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.51.105.102"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721129/; classtype:trojan-activity;sid:81584229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"112.254.192.187"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721127/; classtype:trojan-activity;sid:81584227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/form/zsab/"; depth:23; endswith; http.host; content:"cynergism.life"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721125/; classtype:trojan-activity;sid:81584225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"182.127.210.97"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721124/; classtype:trojan-activity;sid:81584224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"182.119.161.230"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721123/; classtype:trojan-activity;sid:81584223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"45.250.65.242"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721121/; classtype:trojan-activity;sid:81584221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.232.77.75"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721120/; classtype:trojan-activity;sid:81584220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.211.31.207"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721119/; classtype:trojan-activity;sid:81584219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.215.213.105"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721116/; classtype:trojan-activity;sid:81584216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"61.52.187.230"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721117/; classtype:trojan-activity;sid:81584217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.148.63"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721114/; classtype:trojan-activity;sid:81584214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.217.66.109"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721113/; classtype:trojan-activity;sid:81584213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.202.243.210"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721107/; classtype:trojan-activity;sid:81584207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"27.207.44.36"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721108/; classtype:trojan-activity;sid:81584208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.215.136.251"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721109/; classtype:trojan-activity;sid:81584209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.73.46.45"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721112/; classtype:trojan-activity;sid:81584212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"221.205.241.194"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721105/; classtype:trojan-activity;sid:81584205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"175.121.49.71"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721103/; classtype:trojan-activity;sid:81584203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.155.237"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721102/; classtype:trojan-activity;sid:81584202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"220.77.23.6"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721104/; classtype:trojan-activity;sid:81584204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.116.113.65"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721099/; classtype:trojan-activity;sid:81584199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"219.154.118.83"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721098/; classtype:trojan-activity;sid:81584198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.163.189.89"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721096/; classtype:trojan-activity;sid:81584196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"171.125.178.25"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721094/; classtype:trojan-activity;sid:81584194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.44.170.236"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721092/; classtype:trojan-activity;sid:81584192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"125.45.25.158"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721093/; classtype:trojan-activity;sid:81584193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"65.172.242.92"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721091/; classtype:trojan-activity;sid:81584191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"111.38.104.141"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721090/; classtype:trojan-activity;sid:81584190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"103.73.153.193"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721088/; classtype:trojan-activity;sid:81584188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.225.41.123"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721081/; classtype:trojan-activity;sid:81584181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.86.150"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721080/; classtype:trojan-activity;sid:81584180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.96.118.176"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721085/; classtype:trojan-activity;sid:81584185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.59.213.97"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721079/; classtype:trojan-activity;sid:81584179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"112.239.115.248"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721078/; classtype:trojan-activity;sid:81584178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"113.89.41.64"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721076/; classtype:trojan-activity;sid:81584176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"39.86.173.125"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721075/; classtype:trojan-activity;sid:81584175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"115.50.60.118"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721074/; classtype:trojan-activity;sid:81584174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"170.78.38.49"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721071/; classtype:trojan-activity;sid:81584171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"95.28.92.36"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721070/; classtype:trojan-activity;sid:81584170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"27.194.47.178"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721069/; classtype:trojan-activity;sid:81584169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.65.112.26"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721065/; classtype:trojan-activity;sid:81584165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.74.51.115"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721066/; classtype:trojan-activity;sid:81584166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.86.171.121"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721067/; classtype:trojan-activity;sid:81584167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"59.16.101.225"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721064/; classtype:trojan-activity;sid:81584164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.94.183.213"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721063/; classtype:trojan-activity;sid:81584163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.74.98.145"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721057/; classtype:trojan-activity;sid:81584157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.183.137"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721061/; classtype:trojan-activity;sid:81584161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.225.23.75"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721059/; classtype:trojan-activity;sid:81584159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.154.32"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721060/; classtype:trojan-activity;sid:81584160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"59.180.161.100"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721058/; classtype:trojan-activity;sid:81584158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.211.30.229"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721056/; classtype:trojan-activity;sid:81584156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"202.83.37.73"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721054/; classtype:trojan-activity;sid:81584154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.50.100"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721053/; classtype:trojan-activity;sid:81584153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.93.115"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721052/; classtype:trojan-activity;sid:81584152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.57.214.211"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721051/; classtype:trojan-activity;sid:81584151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"183.15.204.251"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721049/; classtype:trojan-activity;sid:81584149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.220.208.171"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721050/; classtype:trojan-activity;sid:81584150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.216.22.114"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721048/; classtype:trojan-activity;sid:81584148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.15.176.56"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721044/; classtype:trojan-activity;sid:81584144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"222.133.83.120"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721045/; classtype:trojan-activity;sid:81584145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"61.52.213.215"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721046/; classtype:trojan-activity;sid:81584146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.27.80.155"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721043/; classtype:trojan-activity;sid:81584143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.225.180.149"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721038/; classtype:trojan-activity;sid:81584138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.59.211.95"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721039/; classtype:trojan-activity;sid:81584139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.44.175.20"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721040/; classtype:trojan-activity;sid:81584140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"124.131.138.52"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721037/; classtype:trojan-activity;sid:81584137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.105.71.89"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721036/; classtype:trojan-activity;sid:81584136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.242.5.222"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721030/; classtype:trojan-activity;sid:81584130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.89.55.123"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721033/; classtype:trojan-activity;sid:81584133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.63.179.0"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721032/; classtype:trojan-activity;sid:81584132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.9.121.124"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721029/; classtype:trojan-activity;sid:81584129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"112.249.206.8"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721027/; classtype:trojan-activity;sid:81584127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"39.89.12.16"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721025/; classtype:trojan-activity;sid:81584125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"39.86.173.125"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721024/; classtype:trojan-activity;sid:81584124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"112.238.151.149"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721023/; classtype:trojan-activity;sid:81584123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"59.97.168.49"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721022/; classtype:trojan-activity;sid:81584122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"60.214.193.184"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721019/; classtype:trojan-activity;sid:81584119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.139.76.107"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721016/; classtype:trojan-activity;sid:81584116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"221.13.245.64"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721015/; classtype:trojan-activity;sid:81584115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.206.81.244"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721014/; classtype:trojan-activity;sid:81584114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"115.50.60.118"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721008/; classtype:trojan-activity;sid:81584108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.202.200.254"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721010/; classtype:trojan-activity;sid:81584110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.203.1.147"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721009/; classtype:trojan-activity;sid:81584109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.212.6"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721011/; classtype:trojan-activity;sid:81584111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.224.68.66"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721012/; classtype:trojan-activity;sid:81584112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/scan/4207/ctnik/"; depth:28; endswith; http.host; content:"securityskills.com.co"; depth:21; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721013/; classtype:trojan-activity;sid:81584113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"221.3.28.197"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721006/; classtype:trojan-activity;sid:81584106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.219.57.122"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721007/; classtype:trojan-activity;sid:81584107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"187.103.82.94"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721005/; classtype:trojan-activity;sid:81584105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.116.99.229"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721004/; classtype:trojan-activity;sid:81584104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.119.21.104"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721003/; classtype:trojan-activity;sid:81584103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.126.73.60"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721002/; classtype:trojan-activity;sid:81584102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"14.127.242.83"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721001/; classtype:trojan-activity;sid:81584101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (721000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"124.135.150.198"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/721000/; classtype:trojan-activity;sid:81584100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.4.184.114"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720998/; classtype:trojan-activity;sid:81584098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"124.129.223.72"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720999/; classtype:trojan-activity;sid:81584099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.4.85.90"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720997/; classtype:trojan-activity;sid:81584097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"123.5.149.13"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720994/; classtype:trojan-activity;sid:81584094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"125.47.239.78"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720995/; classtype:trojan-activity;sid:81584095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"171.34.115.44"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720996/; classtype:trojan-activity;sid:81584096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"121.100.114.164"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720992/; classtype:trojan-activity;sid:81584092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"170.78.39.144"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720990/; classtype:trojan-activity;sid:81584090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.150.58.177"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720986/; classtype:trojan-activity;sid:81584086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.136.112.154"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720989/; classtype:trojan-activity;sid:81584089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"119.179.3.202"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720987/; classtype:trojan-activity;sid:81584087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.129.63.201"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720988/; classtype:trojan-activity;sid:81584088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.237.31.232"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720985/; classtype:trojan-activity;sid:81584085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"119.184.33.155"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720984/; classtype:trojan-activity;sid:81584084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/etrac/zrsqbivt-0275485/"; depth:27; endswith; http.host; content:"risetech.in"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720982/; classtype:trojan-activity;sid:81584082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"61.52.213.215"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720981/; classtype:trojan-activity;sid:81584081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"125.42.120.219"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720980/; classtype:trojan-activity;sid:81584080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"222.138.117.103"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720979/; classtype:trojan-activity;sid:81584079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"182.119.166.2"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720976/; classtype:trojan-activity;sid:81584076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.52.55.186"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720977/; classtype:trojan-activity;sid:81584077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"36.153.190.227"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720974/; classtype:trojan-activity;sid:81584074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"60.209.219.85"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720973/; classtype:trojan-activity;sid:81584073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.155.29.122"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720971/; classtype:trojan-activity;sid:81584071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.215.186.7"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720969/; classtype:trojan-activity;sid:81584069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.2.112"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720970/; classtype:trojan-activity;sid:81584070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.154.183.251"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720963/; classtype:trojan-activity;sid:81584063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.156.13.173"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720965/; classtype:trojan-activity;sid:81584065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.1.141.81"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720968/; classtype:trojan-activity;sid:81584068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"223.13.69.156"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720967/; classtype:trojan-activity;sid:81584067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"27.194.47.178"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720960/; classtype:trojan-activity;sid:81584060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.213.105.8"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720962/; classtype:trojan-activity;sid:81584062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.86.78.160"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720964/; classtype:trojan-activity;sid:81584064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.187.133"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720966/; classtype:trojan-activity;sid:81584066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"221.3.119.23"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720959/; classtype:trojan-activity;sid:81584059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"170.78.38.49"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720958/; classtype:trojan-activity;sid:81584058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.5.154.25"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720957/; classtype:trojan-activity;sid:81584057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"124.131.150.152"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720947/; classtype:trojan-activity;sid:81584047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.47.240.190"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720952/; classtype:trojan-activity;sid:81584052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.114.69.26"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720948/; classtype:trojan-activity;sid:81584048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.116.97.192"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720955/; classtype:trojan-activity;sid:81584055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.28.50"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720951/; classtype:trojan-activity;sid:81584051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"216.98.80.5"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720950/; classtype:trojan-activity;sid:81584050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"39.89.12.16"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720949/; classtype:trojan-activity;sid:81584049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.88.210.141"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720945/; classtype:trojan-activity;sid:81584045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.204.4"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720946/; classtype:trojan-activity;sid:81584046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/report/"; depth:17; endswith; http.host; content:"online24h.biz"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720944/; classtype:trojan-activity;sid:81584044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.252.197.113"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720943/; classtype:trojan-activity;sid:81584043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.55.139.25"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720942/; classtype:trojan-activity;sid:81584042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.242.140.48"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720939/; classtype:trojan-activity;sid:81584039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.59.192.185"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720940/; classtype:trojan-activity;sid:81584040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.249.26.82"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720937/; classtype:trojan-activity;sid:81584037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.89.244.158"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720938/; classtype:trojan-activity;sid:81584038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.48.74"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720936/; classtype:trojan-activity;sid:81584036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.232.60.201"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720935/; classtype:trojan-activity;sid:81584035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/esp/3h3zb-000774/"; depth:27; endswith; http.host; content:"kewone.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720930/; classtype:trojan-activity;sid:81584030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/public/9260607318029990/ipozf9tya7-0004770/"; depth:47; endswith; http.host; content:"exoticbirdsonline.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720929/; classtype:trojan-activity;sid:81584029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/invoice/u5pvy8z43v-097462/"; depth:36; endswith; http.host; content:"petlele.co.za"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720928/; classtype:trojan-activity;sid:81584028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/public/7008040010914236/69l1wy5fdsas-00083439/"; depth:56; endswith; http.host; content:"www.sefidesign.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720924/; classtype:trojan-activity;sid:81584024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.52.98.73"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720920/; classtype:trojan-activity;sid:81584020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"61.54.78.163"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720919/; classtype:trojan-activity;sid:81584019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.143.32.36"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720917/; classtype:trojan-activity;sid:81584017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/audio/file/0074779585999460/lcpzc/"; depth:35; endswith; http.host; content:"fixen.mx"; depth:8; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720918/; classtype:trojan-activity;sid:81584018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.137.149.28"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720916/; classtype:trojan-activity;sid:81584016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.216.0.70"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720914/; classtype:trojan-activity;sid:81584014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"39.73.238.1"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720913/; classtype:trojan-activity;sid:81584013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.170.184"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720910/; classtype:trojan-activity;sid:81584010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.226.81.74"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720909/; classtype:trojan-activity;sid:81584009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"103.91.245.12"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720908/; classtype:trojan-activity;sid:81584008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.134.166.169"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720907/; classtype:trojan-activity;sid:81584007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.157.64.116"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720905/; classtype:trojan-activity;sid:81584005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"221.15.147.234"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720906/; classtype:trojan-activity;sid:81584006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.5.184.56"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720902/; classtype:trojan-activity;sid:81584002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.113.231.29"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720901/; classtype:trojan-activity;sid:81584001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.4.32.80"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720899/; classtype:trojan-activity;sid:81583999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.41.96.183"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720896/; classtype:trojan-activity;sid:81583996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"175.168.224.67"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720900/; classtype:trojan-activity;sid:81584000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.113.8.186"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720897/; classtype:trojan-activity;sid:81583997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.126.89.121"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720898/; classtype:trojan-activity;sid:81583998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zb_install/reporting/rhfkqeyct/"; depth:32; endswith; http.host; content:"jiaoyuzixun.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720894/; classtype:trojan-activity;sid:81583994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.99.94.126"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720893/; classtype:trojan-activity;sid:81583993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/0a7kh9p07naxh/"; depth:23; endswith; http.host; content:"streamshosting.co.za"; depth:20; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720892/; classtype:trojan-activity;sid:81583992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.179.117.48"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720891/; classtype:trojan-activity;sid:81583991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.97.19.190"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720888/; classtype:trojan-activity;sid:81583988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/lm/"; depth:13; endswith; http.host; content:"ravesonline.in"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720889/; classtype:trojan-activity;sid:81583989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/doc/yqxfa719ix/vtmzas5l5y7v9rgjg3j/"; depth:48; endswith; http.host; content:"nxdawn.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720887/; classtype:trojan-activity;sid:81583987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.59.219.124"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720886/; classtype:trojan-activity;sid:81583986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data/swift/7ozakpz/iish7bru44kzakg573ln/"; depth:41; endswith; http.host; content:"nepalsocialcenter.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720884/; classtype:trojan-activity;sid:81583984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/balance/x7hgsqu4/"; depth:29; endswith; http.host; content:"wdr.tw"; depth:6; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720882/; classtype:trojan-activity;sid:81583982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/sites/4ak64i8mk/3ruayf/"; depth:36; endswith; http.host; content:"simply-glamour.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720881/; classtype:trojan-activity;sid:81583981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/balance/ot6grtqi/yg007e7s/"; depth:35; endswith; http.host; content:"aspirefacilities.com.au"; depth:23; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720880/; classtype:trojan-activity;sid:81583980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.96.134.24"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720878/; classtype:trojan-activity;sid:81583978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.211.42.230"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720877/; classtype:trojan-activity;sid:81583977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/font-awesome/report/"; depth:21; endswith; http.host; content:"seguridadnativa.com.ar"; depth:22; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720879/; classtype:trojan-activity;sid:81583979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/browse/"; depth:17; endswith; http.host; content:"websiteoptimizationcanada.ca"; depth:28; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720874/; classtype:trojan-activity;sid:81583974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/xa27ud3nkt1g/jcuut920riffpe/akn1j6l17xy6elpf7w4lsk3iitiy7lq38/"; depth:72; endswith; http.host; content:"www.heroin-addiction.net"; depth:24; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720873/; classtype:trojan-activity;sid:81583973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.61.180.255"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720871/; classtype:trojan-activity;sid:81583971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"123.12.175.157"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720872/; classtype:trojan-activity;sid:81583972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user_guide/1vu1hwqxropdtqo/"; depth:28; endswith; http.host; content:"www.bestabortionpillsrx.com"; depth:27; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720870/; classtype:trojan-activity;sid:81583970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.81.203.181"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720864/; classtype:trojan-activity;sid:81583964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"101.64.116.54"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720860/; classtype:trojan-activity;sid:81583960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.17.152.195"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720861/; classtype:trojan-activity;sid:81583961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.90.245.78"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720863/; classtype:trojan-activity;sid:81583963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.52.188.246"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720862/; classtype:trojan-activity;sid:81583962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.54.200.114"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720859/; classtype:trojan-activity;sid:81583959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"60.43.44.52"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720857/; classtype:trojan-activity;sid:81583957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"124.131.150.152"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720855/; classtype:trojan-activity;sid:81583955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"87.97.80.183"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720854/; classtype:trojan-activity;sid:81583954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.54.61.191"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720851/; classtype:trojan-activity;sid:81583951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"117.26.110.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720849/; classtype:trojan-activity;sid:81583949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"222.138.216.55"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720850/; classtype:trojan-activity;sid:81583950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.124.61.230"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720848/; classtype:trojan-activity;sid:81583948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.213.72.70"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720846/; classtype:trojan-activity;sid:81583946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.141.12.54"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720844/; classtype:trojan-activity;sid:81583944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.230.188.230"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720842/; classtype:trojan-activity;sid:81583942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.230.87.38"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720845/; classtype:trojan-activity;sid:81583945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"119.166.47.102"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720837/; classtype:trojan-activity;sid:81583937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"222.138.164.192"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720838/; classtype:trojan-activity;sid:81583938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"39.65.51.135"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720841/; classtype:trojan-activity;sid:81583941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.14.192.81"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720836/; classtype:trojan-activity;sid:81583936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.121.206.160"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720835/; classtype:trojan-activity;sid:81583935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"182.127.210.97"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720833/; classtype:trojan-activity;sid:81583933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.9.40.70"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720831/; classtype:trojan-activity;sid:81583931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.41.76.37"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720829/; classtype:trojan-activity;sid:81583929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.123.208.31"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720830/; classtype:trojan-activity;sid:81583930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.152.197"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720826/; classtype:trojan-activity;sid:81583926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.242.192.216"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720823/; classtype:trojan-activity;sid:81583923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.249.178.230"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720822/; classtype:trojan-activity;sid:81583922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.116.91.195"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720821/; classtype:trojan-activity;sid:81583921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.61.40.99"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720820/; classtype:trojan-activity;sid:81583920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.225.124.5"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720819/; classtype:trojan-activity;sid:81583919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.58.141.151"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720818/; classtype:trojan-activity;sid:81583918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/document/39067/xp8sd-61/"; depth:34; endswith; http.host; content:"nepalisamajh.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720817/; classtype:trojan-activity;sid:81583917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; http.host; content:"45.153.203.181"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720816/; classtype:trojan-activity;sid:81583916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; http.host; content:"45.153.203.181"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720815/; classtype:trojan-activity;sid:81583915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; http.host; content:"45.153.203.181"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720809/; classtype:trojan-activity;sid:81583909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; http.host; content:"45.153.203.181"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720806/; classtype:trojan-activity;sid:81583906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; http.host; content:"45.153.203.181"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720813/; classtype:trojan-activity;sid:81583913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; http.host; content:"45.153.203.181"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720814/; classtype:trojan-activity;sid:81583914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; http.host; content:"45.153.203.181"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720808/; classtype:trojan-activity;sid:81583908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; http.host; content:"45.153.203.181"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720811/; classtype:trojan-activity;sid:81583911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; http.host; content:"45.153.203.181"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720810/; classtype:trojan-activity;sid:81583910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; http.host; content:"45.153.203.181"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720807/; classtype:trojan-activity;sid:81583907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; http.host; content:"45.153.203.181"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720812/; classtype:trojan-activity;sid:81583912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; http.host; content:"45.153.203.181"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720805/; classtype:trojan-activity;sid:81583905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; http.host; content:"45.153.203.101"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720804/; classtype:trojan-activity;sid:81583904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; http.host; content:"45.153.203.101"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720803/; classtype:trojan-activity;sid:81583903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; http.host; content:"45.153.203.101"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720801/; classtype:trojan-activity;sid:81583901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; http.host; content:"45.153.203.101"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720802/; classtype:trojan-activity;sid:81583902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; http.host; content:"45.153.203.101"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720798/; classtype:trojan-activity;sid:81583898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; http.host; content:"45.153.203.101"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720797/; classtype:trojan-activity;sid:81583897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; http.host; content:"45.153.203.101"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720796/; classtype:trojan-activity;sid:81583896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; http.host; content:"45.153.203.101"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720795/; classtype:trojan-activity;sid:81583895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; http.host; content:"45.153.203.101"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720799/; classtype:trojan-activity;sid:81583899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; http.host; content:"45.153.203.101"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720800/; classtype:trojan-activity;sid:81583900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/docs/e259bmowrmcq/"; depth:27; endswith; http.host; content:"geckoaudioindonesia.com"; depth:23; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720792/; classtype:trojan-activity;sid:81583892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/doc/e9ldrs9e1hcbwu6/"; depth:30; endswith; http.host; content:"zakeeyadeko.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720791/; classtype:trojan-activity;sid:81583891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.231.232.223"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720787/; classtype:trojan-activity;sid:81583887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.211.135.21"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720786/; classtype:trojan-activity;sid:81583886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.81.25.228"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720781/; classtype:trojan-activity;sid:81583881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.214.195.222"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720783/; classtype:trojan-activity;sid:81583883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/free-tracfone/llc/8act8dbtcc2etyypo3/"; depth:38; endswith; http.host; content:"quienfirma.cl"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720782/; classtype:trojan-activity;sid:81583882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.15.179.188"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720779/; classtype:trojan-activity;sid:81583879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.15.5.105"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720778/; classtype:trojan-activity;sid:81583878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"92.112.234.98"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720777/; classtype:trojan-activity;sid:81583877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.12.178.116"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720776/; classtype:trojan-activity;sid:81583876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"123.128.89.84"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720774/; classtype:trojan-activity;sid:81583874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"123.235.253.244"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720773/; classtype:trojan-activity;sid:81583873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"125.47.91.217"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720770/; classtype:trojan-activity;sid:81583870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.113.215.173"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720772/; classtype:trojan-activity;sid:81583872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.113.25.50"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720775/; classtype:trojan-activity;sid:81583875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.82.18"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720771/; classtype:trojan-activity;sid:81583871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"125.41.200.31"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720769/; classtype:trojan-activity;sid:81583869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.10.47.12"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720768/; classtype:trojan-activity;sid:81583868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.56.240.79"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720767/; classtype:trojan-activity;sid:81583867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.56.68.245"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720764/; classtype:trojan-activity;sid:81583864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"116.72.202.30"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720765/; classtype:trojan-activity;sid:81583865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.165.247.48"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720766/; classtype:trojan-activity;sid:81583866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.56.143.210"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720761/; classtype:trojan-activity;sid:81583861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.59.221.104"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720762/; classtype:trojan-activity;sid:81583862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.211.42.219"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720760/; classtype:trojan-activity;sid:81583860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.222.167.65"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720763/; classtype:trojan-activity;sid:81583863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"103.89.253.117"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720759/; classtype:trojan-activity;sid:81583859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"110.35.29.85"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720758/; classtype:trojan-activity;sid:81583858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.49.4.83"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720756/; classtype:trojan-activity;sid:81583856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.211.164"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720757/; classtype:trojan-activity;sid:81583857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"106.0.56.227"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720755/; classtype:trojan-activity;sid:81583855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.226.10.186"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720748/; classtype:trojan-activity;sid:81583848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.242.227.79"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720749/; classtype:trojan-activity;sid:81583849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.249.30.172"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720753/; classtype:trojan-activity;sid:81583853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.88.36.148"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720754/; classtype:trojan-activity;sid:81583854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"60.43.44.52"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720747/; classtype:trojan-activity;sid:81583847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"119.166.47.102"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720726/; classtype:trojan-activity;sid:81583826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/reporting/qz2k3c7e97-4814/"; depth:32; endswith; http.host; content:"farayalcozerasociadas.cl"; depth:24; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720725/; classtype:trojan-activity;sid:81583825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"123.12.241.190"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720669/; classtype:trojan-activity;sid:81583769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"42.236.214.199"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720643/; classtype:trojan-activity;sid:81583743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"115.56.157.7"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720614/; classtype:trojan-activity;sid:81583714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"61.53.86.9"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720613/; classtype:trojan-activity;sid:81583713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.138.210"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720611/; classtype:trojan-activity;sid:81583711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.127.186.245"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720610/; classtype:trojan-activity;sid:81583710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.137.35.84"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720608/; classtype:trojan-activity;sid:81583708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"39.73.201.47"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720609/; classtype:trojan-activity;sid:81583709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.116.106.133"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720605/; classtype:trojan-activity;sid:81583705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.122.201.141"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720603/; classtype:trojan-activity;sid:81583703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.127.185.181"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720600/; classtype:trojan-activity;sid:81583700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.57.246.180"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720607/; classtype:trojan-activity;sid:81583707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.86.67.106"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720601/; classtype:trojan-activity;sid:81583701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.230.122.64"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720604/; classtype:trojan-activity;sid:81583704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.112.29"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720606/; classtype:trojan-activity;sid:81583706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.219.7.74"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720599/; classtype:trojan-activity;sid:81583699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.219.99.102"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720598/; classtype:trojan-activity;sid:81583698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.226.250.78"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720594/; classtype:trojan-activity;sid:81583694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"123.14.112.162"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720593/; classtype:trojan-activity;sid:81583693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.87.175.74"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720586/; classtype:trojan-activity;sid:81583686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.12.226.168"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720589/; classtype:trojan-activity;sid:81583689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.46.200.92"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720592/; classtype:trojan-activity;sid:81583692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"117.26.110.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720585/; classtype:trojan-activity;sid:81583685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/jcdutjj/"; depth:14; endswith; http.host; content:"hpwdy.com"; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720584/; classtype:trojan-activity;sid:81583684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/c/"; depth:7; endswith; http.host; content:"www.pornman.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720581/; classtype:trojan-activity;sid:81583681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/nxov4yiu/"; depth:19; endswith; http.host; content:"fastmotor.000webhostapp.com"; depth:27; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720579/; classtype:trojan-activity;sid:81583679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jeep-wrangler/4aonvmeilras-0279/"; depth:33; endswith; http.host; content:"delhincracmw.hosting2.acm.org"; depth:29; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720577/; classtype:trojan-activity;sid:81583677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.52.186.248"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720575/; classtype:trojan-activity;sid:81583675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"88.249.219.71"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720576/; classtype:trojan-activity;sid:81583676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.207.222.195"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720574/; classtype:trojan-activity;sid:81583674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"219.154.111.245"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720567/; classtype:trojan-activity;sid:81583667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.141.44.12"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720573/; classtype:trojan-activity;sid:81583673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.207.44.114"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720568/; classtype:trojan-activity;sid:81583668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.79.131.142"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720569/; classtype:trojan-activity;sid:81583669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"45.248.195.16"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720571/; classtype:trojan-activity;sid:81583671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.113.200.193"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720563/; classtype:trojan-activity;sid:81583663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.127.64.16"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720561/; classtype:trojan-activity;sid:81583661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.47.60.13"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720558/; classtype:trojan-activity;sid:81583658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"171.34.113.168"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720559/; classtype:trojan-activity;sid:81583659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.43.100"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720557/; classtype:trojan-activity;sid:81583657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"183.15.91.152"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720560/; classtype:trojan-activity;sid:81583660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"120.59.123.13"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720556/; classtype:trojan-activity;sid:81583656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.42.98.222"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720552/; classtype:trojan-activity;sid:81583652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.211.42.129"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720551/; classtype:trojan-activity;sid:81583651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.14.49.173"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720549/; classtype:trojan-activity;sid:81583649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.41.141.70"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720550/; classtype:trojan-activity;sid:81583650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"103.139.89.51"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720548/; classtype:trojan-activity;sid:81583648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.253.117.11"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720545/; classtype:trojan-activity;sid:81583645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"113.87.175.74"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720544/; classtype:trojan-activity;sid:81583644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.55.160.162"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720547/; classtype:trojan-activity;sid:81583647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"61.53.86.9"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720546/; classtype:trojan-activity;sid:81583646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.226.123.215"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720541/; classtype:trojan-activity;sid:81583641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/overview/6555921/6uw9g10b-0079388/"; depth:44; endswith; http.host; content:"fiera-deutzfahr.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720540/; classtype:trojan-activity;sid:81583640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"200.107.118.131"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720539/; classtype:trojan-activity;sid:81583639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/dyp/"; depth:17; endswith; http.host; content:"cbdoilhamper.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720536/; classtype:trojan-activity;sid:81583636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.202.42.18"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720531/; classtype:trojan-activity;sid:81583631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.216.43.126"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720535/; classtype:trojan-activity;sid:81583635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.222.91.93"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720532/; classtype:trojan-activity;sid:81583632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.232.169.175"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720530/; classtype:trojan-activity;sid:81583630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.52.61.150"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720534/; classtype:trojan-activity;sid:81583634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.80.184"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720529/; classtype:trojan-activity;sid:81583629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.127.64.212"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720527/; classtype:trojan-activity;sid:81583627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"203.236.190.2"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720526/; classtype:trojan-activity;sid:81583626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.244.254"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720521/; classtype:trojan-activity;sid:81583621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.83.105"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720519/; classtype:trojan-activity;sid:81583619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.154.108.41"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720520/; classtype:trojan-activity;sid:81583620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.154.118.83"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720522/; classtype:trojan-activity;sid:81583622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.194.192.164"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720518/; classtype:trojan-activity;sid:81583618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.63.179.166"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720517/; classtype:trojan-activity;sid:81583617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"117.202.69.190"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720516/; classtype:trojan-activity;sid:81583616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.119.92.161"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720515/; classtype:trojan-activity;sid:81583615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.97.31.222"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720509/; classtype:trojan-activity;sid:81583609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"123.14.80.7"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720508/; classtype:trojan-activity;sid:81583608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.8.177.106"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720510/; classtype:trojan-activity;sid:81583610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.40.32.238"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720513/; classtype:trojan-activity;sid:81583613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.112.7.134"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720512/; classtype:trojan-activity;sid:81583612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"1.222.163.42"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720504/; classtype:trojan-activity;sid:81583604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.249.27.5"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720501/; classtype:trojan-activity;sid:81583601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.11.200.113"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720503/; classtype:trojan-activity;sid:81583603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.154.114.217"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720502/; classtype:trojan-activity;sid:81583602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.194.47.21"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720500/; classtype:trojan-activity;sid:81583600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.27.91.247"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720499/; classtype:trojan-activity;sid:81583599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.49.47.210"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720497/; classtype:trojan-activity;sid:81583597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.194.14.59"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720496/; classtype:trojan-activity;sid:81583596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.88.136.27"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720494/; classtype:trojan-activity;sid:81583594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.55.62.137"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720492/; classtype:trojan-activity;sid:81583592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.138.224.228"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720493/; classtype:trojan-activity;sid:81583593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.49.130.138"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720489/; classtype:trojan-activity;sid:81583589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.55.130.72"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720490/; classtype:trojan-activity;sid:81583590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.254.86"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720491/; classtype:trojan-activity;sid:81583591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"115.61.181.114"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/720487/; classtype:trojan-activity;sid:81583587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stats/public/51295220402592509/ccloapj/"; depth:40; endswith; http.host; content:"maraboutprovoyant.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720486/; classtype:trojan-activity;sid:81583586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.52.103.131"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720485/; classtype:trojan-activity;sid:81583585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.104.225"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720484/; classtype:trojan-activity;sid:81583584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"41.86.19.146"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720483/; classtype:trojan-activity;sid:81583583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.99.44.24"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720482/; classtype:trojan-activity;sid:81583582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"115.97.64.126"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720481/; classtype:trojan-activity;sid:81583581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"39.77.24.158"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720478/; classtype:trojan-activity;sid:81583578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.233.159.168"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720480/; classtype:trojan-activity;sid:81583580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.157.196"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720479/; classtype:trojan-activity;sid:81583579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/joker.mpsl"; depth:16; endswith; http.host; content:"107.174.35.226"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720477/; classtype:trojan-activity;sid:81583577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/joker.x86"; depth:15; endswith; http.host; content:"107.174.35.226"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720475/; classtype:trojan-activity;sid:81583575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.157.37.31"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720476/; classtype:trojan-activity;sid:81583576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayedz.mips"; depth:11; endswith; http.host; content:"45.14.224.233"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720474/; classtype:trojan-activity;sid:81583574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"221.214.255.18"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720473/; classtype:trojan-activity;sid:81583573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"222.137.177.36"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720467/; classtype:trojan-activity;sid:81583567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.194.114.6"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720471/; classtype:trojan-activity;sid:81583571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.219.1.75"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720468/; classtype:trojan-activity;sid:81583568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"31.163.180.173"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720470/; classtype:trojan-activity;sid:81583570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"39.85.78.195"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720469/; classtype:trojan-activity;sid:81583569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.230.226.151"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720472/; classtype:trojan-activity;sid:81583572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/joker.mips"; depth:16; endswith; http.host; content:"107.174.35.226"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720465/; classtype:trojan-activity;sid:81583565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joker.sh"; depth:9; endswith; http.host; content:"107.174.35.226"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720464/; classtype:trojan-activity;sid:81583564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayedz.i686"; depth:11; endswith; http.host; content:"45.14.224.233"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720466/; classtype:trojan-activity;sid:81583566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.127.131"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720463/; classtype:trojan-activity;sid:81583563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.124.131.124"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720461/; classtype:trojan-activity;sid:81583561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"203.219.151.169"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720462/; classtype:trojan-activity;sid:81583562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.114.19.238"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720455/; classtype:trojan-activity;sid:81583555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.118.90"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720460/; classtype:trojan-activity;sid:81583560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.121.50.85"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720459/; classtype:trojan-activity;sid:81583559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.121.69.239"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720458/; classtype:trojan-activity;sid:81583558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"219.155.231.200"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720456/; classtype:trojan-activity;sid:81583556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.156.9.76"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720457/; classtype:trojan-activity;sid:81583557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"178.248.1.71"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720454/; classtype:trojan-activity;sid:81583554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.56.219.19"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720453/; classtype:trojan-activity;sid:81583553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.185.171.87"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720452/; classtype:trojan-activity;sid:81583552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.10.31.43"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720450/; classtype:trojan-activity;sid:81583550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.233.172.41"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720451/; classtype:trojan-activity;sid:81583551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.9.199.56"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720449/; classtype:trojan-activity;sid:81583549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"120.59.24.100"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720447/; classtype:trojan-activity;sid:81583547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"123.164.108.37"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720446/; classtype:trojan-activity;sid:81583546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.41.102.222"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720445/; classtype:trojan-activity;sid:81583545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"125.47.245.239"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720448/; classtype:trojan-activity;sid:81583548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.130.43.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720444/; classtype:trojan-activity;sid:81583544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.96.108.199"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720443/; classtype:trojan-activity;sid:81583543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"103.91.245.11"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720441/; classtype:trojan-activity;sid:81583541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.202.79.92"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720442/; classtype:trojan-activity;sid:81583542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/sites/ntxc6akeeje/"; depth:31; endswith; http.host; content:"greyfoxchocolates.in"; depth:20; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720440/; classtype:trojan-activity;sid:81583540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.88.166.218"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720438/; classtype:trojan-activity;sid:81583538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.144.225"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720434/; classtype:trojan-activity;sid:81583534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.55.190.130"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720437/; classtype:trojan-activity;sid:81583537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.58.134.4"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720439/; classtype:trojan-activity;sid:81583539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.61.111.37"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720436/; classtype:trojan-activity;sid:81583536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"120.59.123.13"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720435/; classtype:trojan-activity;sid:81583535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/indexing/fycc/"; depth:15; endswith; http.host; content:"alphaberry.com.my"; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720433/; classtype:trojan-activity;sid:81583533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/joker.m68k"; depth:16; endswith; http.host; content:"107.174.35.226"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720430/; classtype:trojan-activity;sid:81583530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"182.121.43.130"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720432/; classtype:trojan-activity;sid:81583532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayedz.m68k"; depth:11; endswith; http.host; content:"45.14.224.233"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720429/; classtype:trojan-activity;sid:81583529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/m2pahqvc"; depth:13; endswith; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720431/; classtype:trojan-activity;sid:81583531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayedz.mipsel"; depth:13; endswith; http.host; content:"45.14.224.233"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720428/; classtype:trojan-activity;sid:81583528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayedz.sh4"; depth:10; endswith; http.host; content:"45.14.224.233"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720427/; classtype:trojan-activity;sid:81583527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"120.56.118.173"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720426/; classtype:trojan-activity;sid:81583526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/joker.arm6"; depth:16; endswith; http.host; content:"107.174.35.226"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720425/; classtype:trojan-activity;sid:81583525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/joker.ppc"; depth:15; endswith; http.host; content:"107.174.35.226"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720424/; classtype:trojan-activity;sid:81583524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/docs/ksis63fnwa3pkfv/"; depth:34; endswith; http.host; content:"bookingz.net"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720423/; classtype:trojan-activity;sid:81583523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/joker.arm7"; depth:16; endswith; http.host; content:"107.174.35.226"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720422/; classtype:trojan-activity;sid:81583522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/joker.sh4"; depth:15; endswith; http.host; content:"107.174.35.226"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720421/; classtype:trojan-activity;sid:81583521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayedz.armv61"; depth:13; endswith; http.host; content:"45.14.224.233"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720420/; classtype:trojan-activity;sid:81583520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayedz.ppc"; depth:10; endswith; http.host; content:"45.14.224.233"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720419/; classtype:trojan-activity;sid:81583519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; http.host; content:"45.14.224.233"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720418/; classtype:trojan-activity;sid:81583518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/lm/20075837679366885/3sini1qp-000682783/"; depth:44; endswith; http.host; content:"hostgo.com.br"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720417/; classtype:trojan-activity;sid:81583517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apache2"; depth:8; endswith; http.host; content:"45.14.224.233"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720415/; classtype:trojan-activity;sid:81583515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayedz.i586"; depth:11; endswith; http.host; content:"45.14.224.233"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720416/; classtype:trojan-activity;sid:81583516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.65.172.121"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720414/; classtype:trojan-activity;sid:81583514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.52.197.149"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720413/; classtype:trojan-activity;sid:81583513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/joker.arm5"; depth:16; endswith; http.host; content:"107.174.35.226"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720410/; classtype:trojan-activity;sid:81583510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"60.16.104.87"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720412/; classtype:trojan-activity;sid:81583512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"61.52.102.30"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720411/; classtype:trojan-activity;sid:81583511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; http.host; content:"45.14.224.233"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720408/; classtype:trojan-activity;sid:81583508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"95.28.92.36"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720409/; classtype:trojan-activity;sid:81583509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.226.67.250"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720407/; classtype:trojan-activity;sid:81583507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.73.129.144"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720398/; classtype:trojan-activity;sid:81583498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.86.80.236"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720399/; classtype:trojan-activity;sid:81583499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.230.92.211"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720400/; classtype:trojan-activity;sid:81583500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.231.100.69"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720406/; classtype:trojan-activity;sid:81583506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.233.95.20"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720403/; classtype:trojan-activity;sid:81583503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.234.229.126"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720404/; classtype:trojan-activity;sid:81583504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.90.23"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720405/; classtype:trojan-activity;sid:81583505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.239.200.6"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720402/; classtype:trojan-activity;sid:81583502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/documentation/onz33qe1cjram1vkoz0/"; depth:40; endswith; http.host; content:"alt-ltd.co.uk"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720401/; classtype:trojan-activity;sid:81583501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/[cpu]"; depth:6; endswith; http.host; content:"45.14.224.233"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720397/; classtype:trojan-activity;sid:81583497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.154.120.112"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720395/; classtype:trojan-activity;sid:81583495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.157.233.194"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720396/; classtype:trojan-activity;sid:81583496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.157.28.203"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720394/; classtype:trojan-activity;sid:81583494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.203.191.137"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720393/; classtype:trojan-activity;sid:81583493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.6.186.53"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720392/; classtype:trojan-activity;sid:81583492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.216.89.99"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720391/; classtype:trojan-activity;sid:81583491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.59.47.155"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720390/; classtype:trojan-activity;sid:81583490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.59.58.183"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720389/; classtype:trojan-activity;sid:81583489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.36.223.194"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720385/; classtype:trojan-activity;sid:81583485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.47.101.152"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720388/; classtype:trojan-activity;sid:81583488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.114.80.178"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720386/; classtype:trojan-activity;sid:81583486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.185.229"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720387/; classtype:trojan-activity;sid:81583487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.8.173.9"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720384/; classtype:trojan-activity;sid:81583484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.46.247.71"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720383/; classtype:trojan-activity;sid:81583483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/browse/sxj7dn48jvuidqc/"; depth:30; endswith; http.host; content:"bilhen.co.za"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720382/; classtype:trojan-activity;sid:81583482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.222.167.197"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720381/; classtype:trojan-activity;sid:81583481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.14.159.34"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720380/; classtype:trojan-activity;sid:81583480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.63.129.150"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720374/; classtype:trojan-activity;sid:81583474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.73.81.56"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720376/; classtype:trojan-activity;sid:81583476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"119.166.122.180"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720378/; classtype:trojan-activity;sid:81583478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.187.232.255"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720377/; classtype:trojan-activity;sid:81583477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.196.103.45"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720375/; classtype:trojan-activity;sid:81583475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.14.156.10"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720379/; classtype:trojan-activity;sid:81583479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.178.251.246"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720373/; classtype:trojan-activity;sid:81583473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"123.5.199.164"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720371/; classtype:trojan-activity;sid:81583471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"222.140.171.173"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720372/; classtype:trojan-activity;sid:81583472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"103.73.155.157"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720370/; classtype:trojan-activity;sid:81583470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.255.249.164"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720367/; classtype:trojan-activity;sid:81583467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.54.65.101"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720368/; classtype:trojan-activity;sid:81583468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.59.211.86"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720369/; classtype:trojan-activity;sid:81583469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.242.143.84"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720366/; classtype:trojan-activity;sid:81583466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/qay47knl"; depth:13; endswith; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720365/; classtype:trojan-activity;sid:81583465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/please-subscribe-to-my-yt-channel-vegasec/1isequal9.arm"; depth:56; endswith; http.host; content:"206.126.81.140"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720363/; classtype:trojan-activity;sid:81583463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/please-subscribe-to-my-yt-channel-vegasec/1isequal9.arm7"; depth:57; endswith; http.host; content:"206.126.81.140"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720364/; classtype:trojan-activity;sid:81583464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/pqs/"; depth:17; endswith; http.host; content:"soicau88.net"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720362/; classtype:trojan-activity;sid:81583462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ebitda-multiple/parts_service/mvdtvq21gtl/"; depth:43; endswith; http.host; content:"fonduri-service-auto.ro"; depth:23; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720361/; classtype:trojan-activity;sid:81583461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e5db0e07c3d7be80v201007/init.sh"; depth:32; endswith; http.host; content:"45.9.148.37"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720360/; classtype:trojan-activity;sid:81583460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"116.24.153.249"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720359/; classtype:trojan-activity;sid:81583459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"88.225.215.32"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720358/; classtype:trojan-activity;sid:81583458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; http.host; content:"192.243.100.114"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720357/; classtype:trojan-activity;sid:81583457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; http.host; content:"192.243.100.114"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720356/; classtype:trojan-activity;sid:81583456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; http.host; content:"192.243.100.114"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720354/; classtype:trojan-activity;sid:81583454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; http.host; content:"192.243.100.114"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720355/; classtype:trojan-activity;sid:81583455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.215.191.154"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720350/; classtype:trojan-activity;sid:81583450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.118.14"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720353/; classtype:trojan-activity;sid:81583453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"61.163.159.173"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720351/; classtype:trojan-activity;sid:81583451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"61.52.96.12"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720352/; classtype:trojan-activity;sid:81583452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; http.host; content:"192.243.100.114"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720348/; classtype:trojan-activity;sid:81583448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; http.host; content:"192.243.100.114"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720349/; classtype:trojan-activity;sid:81583449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; http.host; content:"192.243.100.114"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720347/; classtype:trojan-activity;sid:81583447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.214.49.212"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720346/; classtype:trojan-activity;sid:81583446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.52.100.182"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720345/; classtype:trojan-activity;sid:81583445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; http.host; content:"192.243.100.114"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720339/; classtype:trojan-activity;sid:81583439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; http.host; content:"192.243.100.114"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720344/; classtype:trojan-activity;sid:81583444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; http.host; content:"192.243.100.114"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720342/; classtype:trojan-activity;sid:81583442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; http.host; content:"192.243.100.114"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720340/; classtype:trojan-activity;sid:81583440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; http.host; content:"192.243.100.114"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720341/; classtype:trojan-activity;sid:81583441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"60.214.226.6"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720343/; classtype:trojan-activity;sid:81583443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"219.157.31.71"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720337/; classtype:trojan-activity;sid:81583437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.221.241.109"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720336/; classtype:trojan-activity;sid:81583436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"39.74.57.62"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720338/; classtype:trojan-activity;sid:81583438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.0.96.149"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720334/; classtype:trojan-activity;sid:81583434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.14.163.178"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720335/; classtype:trojan-activity;sid:81583435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.126.203.89"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720330/; classtype:trojan-activity;sid:81583430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"183.17.147.44"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720332/; classtype:trojan-activity;sid:81583432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.155.86.74"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720329/; classtype:trojan-activity;sid:81583429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.137.233.166"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720331/; classtype:trojan-activity;sid:81583431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.193.89.2"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720327/; classtype:trojan-activity;sid:81583427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.207.46.130"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720326/; classtype:trojan-activity;sid:81583426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.65.236.11"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720328/; classtype:trojan-activity;sid:81583428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.238.67.63"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720333/; classtype:trojan-activity;sid:81583433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"171.88.154.246"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720325/; classtype:trojan-activity;sid:81583425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"171.83.161.213"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720323/; classtype:trojan-activity;sid:81583423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.118.15"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720324/; classtype:trojan-activity;sid:81583424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"178.141.34.216"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720322/; classtype:trojan-activity;sid:81583422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"117.194.167.138"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720321/; classtype:trojan-activity;sid:81583421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"125.41.136.182"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720320/; classtype:trojan-activity;sid:81583420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"180.124.124.163"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720319/; classtype:trojan-activity;sid:81583419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.187.38.231"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720314/; classtype:trojan-activity;sid:81583414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"123.11.193.134"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720316/; classtype:trojan-activity;sid:81583416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.8.83.27"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720318/; classtype:trojan-activity;sid:81583418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.47.6.253"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720315/; classtype:trojan-activity;sid:81583415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.117.108.37"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720317/; classtype:trojan-activity;sid:81583417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"39.89.104.145"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720313/; classtype:trojan-activity;sid:81583413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.201.70"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720312/; classtype:trojan-activity;sid:81583412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.54.131.48"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720311/; classtype:trojan-activity;sid:81583411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.194.160.175"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720310/; classtype:trojan-activity;sid:81583410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"103.235.165.218"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720309/; classtype:trojan-activity;sid:81583409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.99.184.144"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720308/; classtype:trojan-activity;sid:81583408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.116.121.174"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720302/; classtype:trojan-activity;sid:81583402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.116.176.98"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720306/; classtype:trojan-activity;sid:81583406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.118.132.17"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720305/; classtype:trojan-activity;sid:81583405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.48.207.134"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720307/; classtype:trojan-activity;sid:81583407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.58.174.14"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720301/; classtype:trojan-activity;sid:81583401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.61.105.19"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720303/; classtype:trojan-activity;sid:81583403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.61.160.52"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720304/; classtype:trojan-activity;sid:81583404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stats/doc/wqaeutzoha/"; depth:22; endswith; http.host; content:"maraboutpuissantserieux.com"; depth:27; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720300/; classtype:trojan-activity;sid:81583400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"27.223.160.180"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720299/; classtype:trojan-activity;sid:81583399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"182.121.43.130"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720298/; classtype:trojan-activity;sid:81583398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"219.156.11.96"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720296/; classtype:trojan-activity;sid:81583396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"39.73.30.218"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720297/; classtype:trojan-activity;sid:81583397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/browse/idrgqb7ev4sxfj/"; depth:26; endswith; http.host; content:"beri100.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720295/; classtype:trojan-activity;sid:81583395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/design/3154/1099375044933141/zvd/"; depth:34; endswith; http.host; content:"flexilifephysio.in"; depth:18; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720294/; classtype:trojan-activity;sid:81583394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dashboardl/doc/gqefhecksrvyv467kjlo/"; depth:37; endswith; http.host; content:"bambook-park.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720293/; classtype:trojan-activity;sid:81583393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"92.9.159.19"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720292/; classtype:trojan-activity;sid:81583392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/9z6l/"; depth:14; endswith; http.host; content:"legalempowermentindia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720290/; classtype:trojan-activity;sid:81583390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blogs/97wswfb/"; depth:15; endswith; http.host; content:"hd.yamarinkou.jp"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720291/; classtype:trojan-activity;sid:81583391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/evinc/"; depth:10; endswith; http.host; content:"theusmansaif.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720289/; classtype:trojan-activity;sid:81583389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/florida/u7aj/"; depth:14; endswith; http.host; content:"webclientworks.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720288/; classtype:trojan-activity;sid:81583388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parent/lnnbb/"; depth:14; endswith; http.host; content:"dharampal.net"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720287/; classtype:trojan-activity;sid:81583387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/jnzi/"; depth:14; endswith; http.host; content:"ziil.eu"; depth:7; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720286/; classtype:trojan-activity;sid:81583386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/ucv8/"; depth:18; endswith; http.host; content:"arifulhuq.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720285/; classtype:trojan-activity;sid:81583385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"187.103.82.111"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720284/; classtype:trojan-activity;sid:81583384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/c/"; depth:14; endswith; http.host; content:"greenlandlion.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720283/; classtype:trojan-activity;sid:81583383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"61.52.62.97"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720282/; classtype:trojan-activity;sid:81583382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.44.103.217"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720281/; classtype:trojan-activity;sid:81583381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.141.149.135"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720278/; classtype:trojan-activity;sid:81583378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.224.26.16"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720279/; classtype:trojan-activity;sid:81583379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.178.56"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720280/; classtype:trojan-activity;sid:81583380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.138.126.235"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720276/; classtype:trojan-activity;sid:81583376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.140.166.121"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720275/; classtype:trojan-activity;sid:81583375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fonts/oct/pbngcwv/"; depth:19; endswith; http.host; content:"personaltrainersindia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720277/; classtype:trojan-activity;sid:81583377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.59.118.222"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720274/; classtype:trojan-activity;sid:81583374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"183.32.221.2"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720270/; classtype:trojan-activity;sid:81583370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"200.123.233.130"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720273/; classtype:trojan-activity;sid:81583373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.154.111.245"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720271/; classtype:trojan-activity;sid:81583371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.1.144.161"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720272/; classtype:trojan-activity;sid:81583372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.137.232.47"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720269/; classtype:trojan-activity;sid:81583369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"188.169.167.109"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720268/; classtype:trojan-activity;sid:81583368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"202.111.130.62"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720267/; classtype:trojan-activity;sid:81583367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.96.120.200"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720266/; classtype:trojan-activity;sid:81583366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.99.99.145"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720265/; classtype:trojan-activity;sid:81583365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.247.101.204"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720264/; classtype:trojan-activity;sid:81583364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.59.233.217"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720263/; classtype:trojan-activity;sid:81583363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.116.71.114"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720262/; classtype:trojan-activity;sid:81583362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.53.242"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720261/; classtype:trojan-activity;sid:81583361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.127.54.207"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720260/; classtype:trojan-activity;sid:81583360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.59.83.237"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720259/; classtype:trojan-activity;sid:81583359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.124.173.2"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720258/; classtype:trojan-activity;sid:81583358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"42.230.93.236"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720257/; classtype:trojan-activity;sid:81583357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.249.178.230"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720256/; classtype:trojan-activity;sid:81583356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"111.182.238.151"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720255/; classtype:trojan-activity;sid:81583355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.201.127.125"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720254/; classtype:trojan-activity;sid:81583354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"110.35.245.162"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720253/; classtype:trojan-activity;sid:81583353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.255.154.54"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720250/; classtype:trojan-activity;sid:81583350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.130.46"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720252/; classtype:trojan-activity;sid:81583352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.49.13.142"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720251/; classtype:trojan-activity;sid:81583351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.237.9.88"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720249/; classtype:trojan-activity;sid:81583349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.59.208.102"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720248/; classtype:trojan-activity;sid:81583348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"61.53.138.190"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720247/; classtype:trojan-activity;sid:81583347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"27.213.170.155"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720246/; classtype:trojan-activity;sid:81583346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"182.120.165.91"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720245/; classtype:trojan-activity;sid:81583345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"39.73.30.218"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720244/; classtype:trojan-activity;sid:81583344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"219.156.11.96"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720243/; classtype:trojan-activity;sid:81583343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"27.216.214.240"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720242/; classtype:trojan-activity;sid:81583342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fonts/payment/6598/bwxxvfxut/"; depth:30; endswith; http.host; content:"rnmultispecialityhospital.in"; depth:28; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720241/; classtype:trojan-activity;sid:81583341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.211.64.82"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720240/; classtype:trojan-activity;sid:81583340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.103.22"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720239/; classtype:trojan-activity;sid:81583339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.162.163.26"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720238/; classtype:trojan-activity;sid:81583338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"82.128.141.82"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720237/; classtype:trojan-activity;sid:81583337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"37.19.51.174"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720236/; classtype:trojan-activity;sid:81583336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.207.248.43"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720233/; classtype:trojan-activity;sid:81583333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.12.222"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720235/; classtype:trojan-activity;sid:81583335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.230.70.73"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720234/; classtype:trojan-activity;sid:81583334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.216.172.160"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720228/; classtype:trojan-activity;sid:81583328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.73.44.47"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720229/; classtype:trojan-activity;sid:81583329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.79.150.175"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720232/; classtype:trojan-activity;sid:81583332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.227.184.165"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720227/; classtype:trojan-activity;sid:81583327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.228.44.75"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720230/; classtype:trojan-activity;sid:81583330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.233.143.125"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720231/; classtype:trojan-activity;sid:81583331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mailer/esp/oxnts/"; depth:18; endswith; http.host; content:"workex.jobs"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720226/; classtype:trojan-activity;sid:81583326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.48.122"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720225/; classtype:trojan-activity;sid:81583325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.127.106.70"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720224/; classtype:trojan-activity;sid:81583324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"219.154.104.197"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720220/; classtype:trojan-activity;sid:81583320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.157.246.244"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720221/; classtype:trojan-activity;sid:81583321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.157.40.12"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720219/; classtype:trojan-activity;sid:81583319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.15.237.5"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720222/; classtype:trojan-activity;sid:81583322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.206.190.26"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720223/; classtype:trojan-activity;sid:81583323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"125.99.132.63"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720218/; classtype:trojan-activity;sid:81583318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.10.132.172"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720216/; classtype:trojan-activity;sid:81583316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.130.58.100"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720217/; classtype:trojan-activity;sid:81583317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"124.135.177.193"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720214/; classtype:trojan-activity;sid:81583314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.112.52.121"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720215/; classtype:trojan-activity;sid:81583315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.167.12.95"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720212/; classtype:trojan-activity;sid:81583312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.45.65.56"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720209/; classtype:trojan-activity;sid:81583309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.47.240.53"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720211/; classtype:trojan-activity;sid:81583311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.114.95.145"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720207/; classtype:trojan-activity;sid:81583307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.116.68.165"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720208/; classtype:trojan-activity;sid:81583308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.156.154"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720213/; classtype:trojan-activity;sid:81583313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.156.233"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720210/; classtype:trojan-activity;sid:81583310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.69.117.3"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720206/; classtype:trojan-activity;sid:81583306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.97.66.209"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720204/; classtype:trojan-activity;sid:81583304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.97.7.49"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720205/; classtype:trojan-activity;sid:81583305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"106.0.59.19"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720202/; classtype:trojan-activity;sid:81583302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.73.68.11"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720203/; classtype:trojan-activity;sid:81583303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.232.175.12"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720200/; classtype:trojan-activity;sid:81583300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.238.228.252"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720201/; classtype:trojan-activity;sid:81583301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.56.138.63"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720199/; classtype:trojan-activity;sid:81583299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"182.126.245.102"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720198/; classtype:trojan-activity;sid:81583298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/interesting-classification/docs/rk6qpkxklluroe6srp/"; depth:52; endswith; http.host; content:"asikk.id"; depth:8; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720197/; classtype:trojan-activity;sid:81583297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"39.88.42.75"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720196/; classtype:trojan-activity;sid:81583296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nishassharma.com/parts_service/o2iuxtqbfw/"; depth:43; endswith; http.host; content:"nishassharma.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720195/; classtype:trojan-activity;sid:81583295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"45.176.111.92"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720194/; classtype:trojan-activity;sid:81583294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"59.18.194.137"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720193/; classtype:trojan-activity;sid:81583293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.49.108"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720192/; classtype:trojan-activity;sid:81583292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.52.168.24"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720191/; classtype:trojan-activity;sid:81583291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.230.125.105"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720188/; classtype:trojan-activity;sid:81583288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.234.228.138"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720187/; classtype:trojan-activity;sid:81583287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.89.142"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720189/; classtype:trojan-activity;sid:81583289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"45.248.195.179"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720190/; classtype:trojan-activity;sid:81583290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"46.201.5.174"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720186/; classtype:trojan-activity;sid:81583286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"211.116.220.16"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720185/; classtype:trojan-activity;sid:81583285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"221.215.240.181"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720184/; classtype:trojan-activity;sid:81583284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"221.1.144.161"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720183/; classtype:trojan-activity;sid:81583283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.6.185.239"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720182/; classtype:trojan-activity;sid:81583282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.7.181.80"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720181/; classtype:trojan-activity;sid:81583281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.79.37.29"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720180/; classtype:trojan-activity;sid:81583280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.138.178.147"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720177/; classtype:trojan-activity;sid:81583277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.139.53.12"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720179/; classtype:trojan-activity;sid:81583279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.210.192.7"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720176/; classtype:trojan-activity;sid:81583276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.75.114"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720178/; classtype:trojan-activity;sid:81583278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.106.111"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720174/; classtype:trojan-activity;sid:81583274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.123.3"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720175/; classtype:trojan-activity;sid:81583275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.120.58.34"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720173/; classtype:trojan-activity;sid:81583273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.126.161.168"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720172/; classtype:trojan-activity;sid:81583272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"121.25.78.196"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720171/; classtype:trojan-activity;sid:81583271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wiremu-kingi/etrac/624039604382/eobr-91974/"; depth:44; endswith; http.host; content:"serenitykenya.co.ke"; depth:19; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720170/; classtype:trojan-activity;sid:81583270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.47.244.117"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720169/; classtype:trojan-activity;sid:81583269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"121.165.110.38"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720168/; classtype:trojan-activity;sid:81583268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.9.85.131"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720167/; classtype:trojan-activity;sid:81583267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"124.135.64.197"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720165/; classtype:trojan-activity;sid:81583265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.41.204.209"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720164/; classtype:trojan-activity;sid:81583264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"161.81.168.64"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720166/; classtype:trojan-activity;sid:81583266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"125.47.103.91"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720162/; classtype:trojan-activity;sid:81583262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.113.213.224"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720163/; classtype:trojan-activity;sid:81583263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.251.166.110"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720161/; classtype:trojan-activity;sid:81583261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.27.124.110"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720160/; classtype:trojan-activity;sid:81583260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.63.36.51"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720159/; classtype:trojan-activity;sid:81583259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.179.78.31"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720158/; classtype:trojan-activity;sid:81583258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"113.59.164.135"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720157/; classtype:trojan-activity;sid:81583257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.194.160.173"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720156/; classtype:trojan-activity;sid:81583256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"111.92.104.204"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720155/; classtype:trojan-activity;sid:81583255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.238.148.155"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720151/; classtype:trojan-activity;sid:81583251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.53.235.190"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720152/; classtype:trojan-activity;sid:81583252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.55.159.129"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720153/; classtype:trojan-activity;sid:81583253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"120.209.98.100"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720154/; classtype:trojan-activity;sid:81583254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.226.253.76"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720148/; classtype:trojan-activity;sid:81583248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.59.28.32"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720150/; classtype:trojan-activity;sid:81583250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"118.212.114.50"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720149/; classtype:trojan-activity;sid:81583249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/lpjnp60y"; depth:13; endswith; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720147/; classtype:trojan-activity;sid:81583247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/zdcpqfzdmm5x9mxaaxxx/"; depth:31; endswith; http.host; content:"sgpelvicfloor.in"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720146/; classtype:trojan-activity;sid:81583246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"14.155.221.219"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720145/; classtype:trojan-activity;sid:81583245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"42.230.93.236"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720144/; classtype:trojan-activity;sid:81583244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/satta-matka/sites/dopezu4qrqwc5q4/"; depth:35; endswith; http.host; content:"ihalesowen.co.uk"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720143/; classtype:trojan-activity;sid:81583243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"115.55.62.137"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720142/; classtype:trojan-activity;sid:81583242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.115.28"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720141/; classtype:trojan-activity;sid:81583241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.211.5.162"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720140/; classtype:trojan-activity;sid:81583240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; http.host; content:"184.82.76.125"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720139/; classtype:trojan-activity;sid:81583239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"60.220.32.127"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720137/; classtype:trojan-activity;sid:81583237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.52.208.201"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720138/; classtype:trojan-activity;sid:81583238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.230.140.30"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720136/; classtype:trojan-activity;sid:81583236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"200.107.118.137"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720132/; classtype:trojan-activity;sid:81583232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"218.59.14.121"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720133/; classtype:trojan-activity;sid:81583233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.137.130.190"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720134/; classtype:trojan-activity;sid:81583234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.137.4.66"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720130/; classtype:trojan-activity;sid:81583230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.219.116.155"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720131/; classtype:trojan-activity;sid:81583231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.225.31.144"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720135/; classtype:trojan-activity;sid:81583235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"219.157.212.146"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720129/; classtype:trojan-activity;sid:81583229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"116.24.153.249"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720126/; classtype:trojan-activity;sid:81583226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"120.63.135.40"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720127/; classtype:trojan-activity;sid:81583227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.11.52.56"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720124/; classtype:trojan-activity;sid:81583224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.130.94.41"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720123/; classtype:trojan-activity;sid:81583223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.235.115.201"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720122/; classtype:trojan-activity;sid:81583222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"124.131.133.98"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720128/; classtype:trojan-activity;sid:81583228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.116.77.103"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720121/; classtype:trojan-activity;sid:81583221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.126.235.50"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720125/; classtype:trojan-activity;sid:81583225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.237.19.215"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720119/; classtype:trojan-activity;sid:81583219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.165.150.209"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720120/; classtype:trojan-activity;sid:81583220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.255.86.86"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720118/; classtype:trojan-activity;sid:81583218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"104.205.167.130"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720115/; classtype:trojan-activity;sid:81583215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.230.63.178"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720114/; classtype:trojan-activity;sid:81583214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.254.121.149"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720109/; classtype:trojan-activity;sid:81583209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.49.73.183"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720108/; classtype:trojan-activity;sid:81583208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.34.220"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720113/; classtype:trojan-activity;sid:81583213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.54.241.245"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720111/; classtype:trojan-activity;sid:81583211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.58.158.77"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720110/; classtype:trojan-activity;sid:81583210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.59.206.81"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720116/; classtype:trojan-activity;sid:81583216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"118.79.222.27"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720112/; classtype:trojan-activity;sid:81583212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"182.120.165.91"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720117/; classtype:trojan-activity;sid:81583217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"88.232.117.230"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720107/; classtype:trojan-activity;sid:81583207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/etrac/buzxmb0jrrptf7i566/"; depth:35; endswith; http.host; content:"fedrizziseguros.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720106/; classtype:trojan-activity;sid:81583206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.99.44.136"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720105/; classtype:trojan-activity;sid:81583205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.154.209"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720099/; classtype:trojan-activity;sid:81583199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.238.240.128"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720102/; classtype:trojan-activity;sid:81583202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.239.244.248"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720103/; classtype:trojan-activity;sid:81583203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.112.151"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720104/; classtype:trojan-activity;sid:81583204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.116.212"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720100/; classtype:trojan-activity;sid:81583200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.125.148"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720101/; classtype:trojan-activity;sid:81583201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/docs/jxme7zzfn05gk31y/"; depth:34; endswith; http.host; content:"fluiditytech.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720098/; classtype:trojan-activity;sid:81583198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.121.72.45"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720097/; classtype:trojan-activity;sid:81583197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.3.95"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720096/; classtype:trojan-activity;sid:81583196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.58.214.253"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720095/; classtype:trojan-activity;sid:81583195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.117.185.229"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720093/; classtype:trojan-activity;sid:81583193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.66.145"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720092/; classtype:trojan-activity;sid:81583192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.135.195.93"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720094/; classtype:trojan-activity;sid:81583194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.138.103.101"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720091/; classtype:trojan-activity;sid:81583191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.230.96.40"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720090/; classtype:trojan-activity;sid:81583190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.93.254"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720088/; classtype:trojan-activity;sid:81583188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.141.41.74"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720087/; classtype:trojan-activity;sid:81583187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"39.88.80.60"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720086/; classtype:trojan-activity;sid:81583186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.234.249.12"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720089/; classtype:trojan-activity;sid:81583189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"78.186.4.22"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720085/; classtype:trojan-activity;sid:81583185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.8.72.8"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720082/; classtype:trojan-activity;sid:81583182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.40.146.13"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720081/; classtype:trojan-activity;sid:81583181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.41.11.35"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720080/; classtype:trojan-activity;sid:81583180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.44.244.128"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720083/; classtype:trojan-activity;sid:81583183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/public/7008040010914236/69l1wy5fdsas-00083439/"; depth:56; endswith; http.host; content:"www.sefidesign.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720084/; classtype:trojan-activity;sid:81583184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"125.44.212.161"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720079/; classtype:trojan-activity;sid:81583179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.116.65.200"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720078/; classtype:trojan-activity;sid:81583178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.189.179.145"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720077/; classtype:trojan-activity;sid:81583177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"101.108.133.109"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720075/; classtype:trojan-activity;sid:81583175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.25.36.71"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720074/; classtype:trojan-activity;sid:81583174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.53.37.46"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720076/; classtype:trojan-activity;sid:81583176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.238.129.125"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720069/; classtype:trojan-activity;sid:81583169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.27.124.163"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720071/; classtype:trojan-activity;sid:81583171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.30.110.64"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720073/; classtype:trojan-activity;sid:81583173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.52.22.19"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720070/; classtype:trojan-activity;sid:81583170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.61.99.157"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720072/; classtype:trojan-activity;sid:81583172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.12.243.71"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720068/; classtype:trojan-activity;sid:81583168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.206.246"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720067/; classtype:trojan-activity;sid:81583167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chatlive/oct/ths7vqjax8rawzrybjph/"; depth:35; endswith; http.host; content:"delaxy.com.br"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720066/; classtype:trojan-activity;sid:81583166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"101.108.135.186"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720065/; classtype:trojan-activity;sid:81583165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/izvndgexakd/uwrtxpnz/"; depth:30; endswith; http.host; content:"mecosmeticos.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720064/; classtype:trojan-activity;sid:81583164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"27.215.35.41"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720063/; classtype:trojan-activity;sid:81583163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"78.186.4.22"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720062/; classtype:trojan-activity;sid:81583162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db/attachments/zx4mpmjavte1fk/"; depth:31; endswith; http.host; content:"agclassesedu.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720061/; classtype:trojan-activity;sid:81583161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.113.5"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720059/; classtype:trojan-activity;sid:81583159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.125.234"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720060/; classtype:trojan-activity;sid:81583160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"175.10.213.18"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720058/; classtype:trojan-activity;sid:81583158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.219.203"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720057/; classtype:trojan-activity;sid:81583157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.142.209.4"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720055/; classtype:trojan-activity;sid:81583155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.221.244.69"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720056/; classtype:trojan-activity;sid:81583156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"180.148.110.89"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720054/; classtype:trojan-activity;sid:81583154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.46.251.217"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720050/; classtype:trojan-activity;sid:81583150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"168.196.102.118"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720053/; classtype:trojan-activity;sid:81583153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.157.223.93"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720051/; classtype:trojan-activity;sid:81583151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"31.163.180.173"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720052/; classtype:trojan-activity;sid:81583152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.79.146.87"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720049/; classtype:trojan-activity;sid:81583149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"185.190.164.184"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720045/; classtype:trojan-activity;sid:81583145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"218.59.116.254"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720046/; classtype:trojan-activity;sid:81583146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.141.147"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720048/; classtype:trojan-activity;sid:81583148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.33.187"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720047/; classtype:trojan-activity;sid:81583147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.99.189.46"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720044/; classtype:trojan-activity;sid:81583144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"103.82.223.107"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720043/; classtype:trojan-activity;sid:81583143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.59.181.79"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720042/; classtype:trojan-activity;sid:81583142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.202.70.114"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720041/; classtype:trojan-activity;sid:81583141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"119.191.191.200"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720040/; classtype:trojan-activity;sid:81583140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.4.68.206"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720039/; classtype:trojan-activity;sid:81583139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.238.130.177"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720034/; classtype:trojan-activity;sid:81583134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"113.116.227.74"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720036/; classtype:trojan-activity;sid:81583136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.4.237.121"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720035/; classtype:trojan-activity;sid:81583135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.63.37"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720038/; classtype:trojan-activity;sid:81583138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.9.199.180"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720037/; classtype:trojan-activity;sid:81583137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/content/browse/wzxgxsdbiqds/"; depth:29; endswith; http.host; content:"bharatlearningsolutions.com"; depth:27; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720033/; classtype:trojan-activity;sid:81583133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/lm/ztta/"; depth:20; endswith; http.host; content:"tuyendungtin.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720032/; classtype:trojan-activity;sid:81583132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"88.232.117.230"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720031/; classtype:trojan-activity;sid:81583131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"42.234.162.4"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720030/; classtype:trojan-activity;sid:81583130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"182.127.181.237"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720029/; classtype:trojan-activity;sid:81583129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/oct/rafaqxrxdyafu/"; depth:30; endswith; http.host; content:"www.tunuvo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720028/; classtype:trojan-activity;sid:81583128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/ceogakdr/"; depth:19; endswith; http.host; content:"gregshadoan.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720027/; classtype:trojan-activity;sid:81583127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cli/statement/793948638/i6jv76ok-000207205/"; depth:44; endswith; http.host; content:"radio.hablum.es"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720026/; classtype:trojan-activity;sid:81583126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/browse/5vsnc2qq31l72/"; depth:31; endswith; http.host; content:"et20slam.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720025/; classtype:trojan-activity;sid:81583125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/magnet-powered/pages/5xsbrymz98nbkrm32o/"; depth:41; endswith; http.host; content:"www.freeps3game.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720024/; classtype:trojan-activity;sid:81583124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/lm/78757730/tx/"; depth:25; endswith; http.host; content:"americanasianfoodmarket.com"; depth:27; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720023/; classtype:trojan-activity;sid:81583123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.6.146.43"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720022/; classtype:trojan-activity;sid:81583122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.237.208.17"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720021/; classtype:trojan-activity;sid:81583121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"39.77.167.173"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720016/; classtype:trojan-activity;sid:81583116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.3.235"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720020/; classtype:trojan-activity;sid:81583120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.230.102.3"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720019/; classtype:trojan-activity;sid:81583119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.155.31"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720018/; classtype:trojan-activity;sid:81583118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.52.159.64"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720015/; classtype:trojan-activity;sid:81583115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"61.54.62.35"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720017/; classtype:trojan-activity;sid:81583117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.215.65.3"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720014/; classtype:trojan-activity;sid:81583114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"222.103.239.170"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720013/; classtype:trojan-activity;sid:81583113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"117.242.211.206"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720010/; classtype:trojan-activity;sid:81583110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"119.163.165.52"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720011/; classtype:trojan-activity;sid:81583111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.43.63.123"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720009/; classtype:trojan-activity;sid:81583109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"170.78.39.105"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720008/; classtype:trojan-activity;sid:81583108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.119.100.116"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720007/; classtype:trojan-activity;sid:81583107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.0.117.227"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720012/; classtype:trojan-activity;sid:81583112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.119.123.148"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720005/; classtype:trojan-activity;sid:81583105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.120.56.115"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720006/; classtype:trojan-activity;sid:81583106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"113.116.144.172"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720003/; classtype:trojan-activity;sid:81583103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.207.134"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720002/; classtype:trojan-activity;sid:81583102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.19.126.47"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720004/; classtype:trojan-activity;sid:81583104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"1.190.255.90"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719998/; classtype:trojan-activity;sid:81583098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.27.124.179"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720001/; classtype:trojan-activity;sid:81583101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.51.111.113"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719999/; classtype:trojan-activity;sid:81583099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (720000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.61.106.64"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/720000/; classtype:trojan-activity;sid:81583100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.61.125.69"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719997/; classtype:trojan-activity;sid:81583097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/postnewo/overview/m2ztfwxqsqo/"; depth:31; endswith; http.host; content:"artofdates.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719996/; classtype:trojan-activity;sid:81583096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"27.215.35.41"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719995/; classtype:trojan-activity;sid:81583095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"115.55.62.137"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719994/; classtype:trojan-activity;sid:81583094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys-cache/esp/i9ojjbz2kercm7m/"; depth:31; endswith; http.host; content:"investph.co"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719993/; classtype:trojan-activity;sid:81583093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/976144727019/zl6q3lkuimx-09/"; depth:41; endswith; http.host; content:"shopezoy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719992/; classtype:trojan-activity;sid:81583092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"42.234.162.4"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719991/; classtype:trojan-activity;sid:81583091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"36.33.133.230"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719989/; classtype:trojan-activity;sid:81583089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/llc/fb3kccssbn7dpuvaffvu/"; depth:35; endswith; http.host; content:"ntaabhyasmaster.net"; depth:19; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719990/; classtype:trojan-activity;sid:81583090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.254.26.92"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719988/; classtype:trojan-activity;sid:81583088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; http.host; content:"123.240.103.89"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719987/; classtype:trojan-activity;sid:81583087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"185.106.47.98"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719983/; classtype:trojan-activity;sid:81583083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.86.77.98"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719985/; classtype:trojan-activity;sid:81583085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.230.132.52"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719986/; classtype:trojan-activity;sid:81583086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.214.202.142"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719984/; classtype:trojan-activity;sid:81583084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"66.205.135.34"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719982/; classtype:trojan-activity;sid:81583082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.173.5"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719981/; classtype:trojan-activity;sid:81583081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.35.212.6"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719980/; classtype:trojan-activity;sid:81583080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"218.59.91.208"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719977/; classtype:trojan-activity;sid:81583077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.155.71.86"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719974/; classtype:trojan-activity;sid:81583074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.156.98.213"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719979/; classtype:trojan-activity;sid:81583079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.157.56.102"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719975/; classtype:trojan-activity;sid:81583075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.138.180.251"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719978/; classtype:trojan-activity;sid:81583078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.138.22.206"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719976/; classtype:trojan-activity;sid:81583076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.138.202.165"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719972/; classtype:trojan-activity;sid:81583072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.194.151.26"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719973/; classtype:trojan-activity;sid:81583073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.189.141.71"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719971/; classtype:trojan-activity;sid:81583071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"118.79.241.111"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719966/; classtype:trojan-activity;sid:81583066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.11.26.119"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719968/; classtype:trojan-activity;sid:81583068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.4.76.145"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719965/; classtype:trojan-activity;sid:81583065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.42.121.67"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719964/; classtype:trojan-activity;sid:81583064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.117.103.27"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719970/; classtype:trojan-activity;sid:81583070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.120.56.198"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719967/; classtype:trojan-activity;sid:81583067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.123.214.23"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719969/; classtype:trojan-activity;sid:81583069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"1.62.12.80"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719963/; classtype:trojan-activity;sid:81583063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.249.58.243"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719962/; classtype:trojan-activity;sid:81583062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.255.164.15"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719960/; classtype:trojan-activity;sid:81583060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.50.225.196"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719961/; classtype:trojan-activity;sid:81583061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.61.112.168"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719959/; classtype:trojan-activity;sid:81583059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"118.75.243.245"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719958/; classtype:trojan-activity;sid:81583058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yahoo-share/sites/kufpnw3yivqdkqt2uon/"; depth:39; endswith; http.host; content:"exploitthub.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719957/; classtype:trojan-activity;sid:81583057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.101.159"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719956/; classtype:trojan-activity;sid:81583056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.237.174.173"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719952/; classtype:trojan-activity;sid:81583052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.24.102.19"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719954/; classtype:trojan-activity;sid:81583054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"116.72.83.95"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719955/; classtype:trojan-activity;sid:81583055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.222.160.51"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719953/; classtype:trojan-activity;sid:81583053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.55.158.71"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719951/; classtype:trojan-activity;sid:81583051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"119.183.61.134"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719950/; classtype:trojan-activity;sid:81583050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/form/3zzja73tpl-00089811/"; depth:35; endswith; http.host; content:"amlakbagherian.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719949/; classtype:trojan-activity;sid:81583049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"120.56.119.116"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719948/; classtype:trojan-activity;sid:81583048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wordpress/paclm/ist9hufopviv8se/"; depth:33; endswith; http.host; content:"lx-666.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719947/; classtype:trojan-activity;sid:81583047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"61.53.90.66"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719946/; classtype:trojan-activity;sid:81583046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/overview/8zknelcriwpg9yw/"; depth:38; endswith; http.host; content:"first-decision.com.cn"; depth:21; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719945/; classtype:trojan-activity;sid:81583045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"65.172.242.51"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719944/; classtype:trojan-activity;sid:81583044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"45.176.108.227"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719943/; classtype:trojan-activity;sid:81583043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.87.71"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719941/; classtype:trojan-activity;sid:81583041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/form/vzys/"; depth:14; endswith; http.host; content:"kashmirhoney.com.pk"; depth:19; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719942/; classtype:trojan-activity;sid:81583042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.6.186.146"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719940/; classtype:trojan-activity;sid:81583040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"45.176.109.55"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719939/; classtype:trojan-activity;sid:81583039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"27.220.250.19"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719934/; classtype:trojan-activity;sid:81583034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.79.81.119"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719937/; classtype:trojan-activity;sid:81583037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.86.253.194"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719933/; classtype:trojan-activity;sid:81583033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.230.178.111"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719938/; classtype:trojan-activity;sid:81583038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.230.39.15"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719935/; classtype:trojan-activity;sid:81583035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.237.27.208"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719936/; classtype:trojan-activity;sid:81583036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.231.252.43"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719932/; classtype:trojan-activity;sid:81583032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"219.154.118.227"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719931/; classtype:trojan-activity;sid:81583031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"222.138.99.64"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719930/; classtype:trojan-activity;sid:81583030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.137.40.122"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719929/; classtype:trojan-activity;sid:81583029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"223.11.60.152"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719928/; classtype:trojan-activity;sid:81583028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.207.193.149"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719927/; classtype:trojan-activity;sid:81583027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"210.18.153.105"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719926/; classtype:trojan-activity;sid:81583026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.42.123.161"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719925/; classtype:trojan-activity;sid:81583025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.45.63.70"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719924/; classtype:trojan-activity;sid:81583024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"175.44.151.233"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719923/; classtype:trojan-activity;sid:81583023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.121.40.205"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719922/; classtype:trojan-activity;sid:81583022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"222.103.239.170"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719921/; classtype:trojan-activity;sid:81583021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/lm/exje1vqm/y5dsh3tg9y3t9/"; depth:35; endswith; http.host; content:"avanospetrol.com.tr"; depth:19; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719920/; classtype:trojan-activity;sid:81583020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.129.91.62"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719919/; classtype:trojan-activity;sid:81583019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.10.31.170"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719917/; classtype:trojan-activity;sid:81583017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/llc/"; depth:10; endswith; http.host; content:"pk35vantaa.urheilutekstiilit.fi"; depth:31; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719916/; classtype:trojan-activity;sid:81583016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/05lqe52ic//"; depth:15; endswith; http.host; content:"suventa.com.mx"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719918/; classtype:trojan-activity;sid:81583018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.167.27.204"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719913/; classtype:trojan-activity;sid:81583013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"14.46.190.42"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719914/; classtype:trojan-activity;sid:81583014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quiz_empire_backend/uploads/kzz52wa/2kv2l0c/"; depth:45; endswith; http.host; content:"staging-server.in"; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719915/; classtype:trojan-activity;sid:81583015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.242.209.189"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719912/; classtype:trojan-activity;sid:81583012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.202.71.34"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719908/; classtype:trojan-activity;sid:81583008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.202.78.20"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719911/; classtype:trojan-activity;sid:81583011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.118.95.11"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719905/; classtype:trojan-activity;sid:81583005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.180.192.35"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719906/; classtype:trojan-activity;sid:81583006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsw-highways/paclm/"; depth:20; endswith; http.host; content:"clubedagestora.com.br"; depth:21; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719909/; classtype:trojan-activity;sid:81583009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/balance/ce8g3gsnfy6s9wr6j4a8/"; depth:38; endswith; http.host; content:"excellentic.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719910/; classtype:trojan-activity;sid:81583010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys-cache/document/dtx6b270tkqnh/"; depth:34; endswith; http.host; content:"imasurvivor.co"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719907/; classtype:trojan-activity;sid:81583007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbd-distillate/lm/n7fwcuvi7bwa/"; depth:32; endswith; http.host; content:"virtual-event-service.ch"; depth:24; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719904/; classtype:trojan-activity;sid:81583004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"125.46.166.10"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719903/; classtype:trojan-activity;sid:81583003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.254.177.156"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719896/; classtype:trojan-activity;sid:81582996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.27.124.117"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719894/; classtype:trojan-activity;sid:81582994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"113.232.243.109"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719901/; classtype:trojan-activity;sid:81583001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.245.219"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719898/; classtype:trojan-activity;sid:81582998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.54.197.253"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719902/; classtype:trojan-activity;sid:81583002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.55.113.10"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719900/; classtype:trojan-activity;sid:81583000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.56.131.107"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719895/; classtype:trojan-activity;sid:81582995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.59.15.143"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719899/; classtype:trojan-activity;sid:81582999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.61.106.11"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719897/; classtype:trojan-activity;sid:81582997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.42.98.87"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719893/; classtype:trojan-activity;sid:81582993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.9.199.235"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719891/; classtype:trojan-activity;sid:81582991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.115.129"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719892/; classtype:trojan-activity;sid:81582992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"106.0.56.32"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719888/; classtype:trojan-activity;sid:81582988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.59.202.0"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719890/; classtype:trojan-activity;sid:81582990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"189.51.125.53"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719889/; classtype:trojan-activity;sid:81582989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.52.238.174"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719887/; classtype:trojan-activity;sid:81582987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.124.75.196"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719884/; classtype:trojan-activity;sid:81582984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"200.123.234.72"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719885/; classtype:trojan-activity;sid:81582985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"58.248.119.166"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719886/; classtype:trojan-activity;sid:81582986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"93.181.204.118"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719883/; classtype:trojan-activity;sid:81582983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.96.115"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719882/; classtype:trojan-activity;sid:81582982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.42.99.242"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719881/; classtype:trojan-activity;sid:81582981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"27.206.194.236"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719880/; classtype:trojan-activity;sid:81582980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"61.53.90.66"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719879/; classtype:trojan-activity;sid:81582979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v2/docs/315340822231/580bljseu-0007767/"; depth:40; endswith; http.host; content:"www.zuschmann.at"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719878/; classtype:trojan-activity;sid:81582978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frontier/etrac/xnkmrkxkgiuc4qf/"; depth:32; endswith; http.host; content:"stbedesdarlington.bhcet.org.uk"; depth:30; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719877/; classtype:trojan-activity;sid:81582977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.157.224.99"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719876/; classtype:trojan-activity;sid:81582976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"202.150.180.188"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719875/; classtype:trojan-activity;sid:81582975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.223.156.254"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719874/; classtype:trojan-activity;sid:81582974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"210.1.206.103"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719872/; classtype:trojan-activity;sid:81582972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"92.44.191.12"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719873/; classtype:trojan-activity;sid:81582973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.154.115.234"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719871/; classtype:trojan-activity;sid:81582971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.154.125.107"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719868/; classtype:trojan-activity;sid:81582968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.15.216.126"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719870/; classtype:trojan-activity;sid:81582970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.139.77.241"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719869/; classtype:trojan-activity;sid:81582969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.138.37.57"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719865/; classtype:trojan-activity;sid:81582965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.194.27.3"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719866/; classtype:trojan-activity;sid:81582966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.206.247.239"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719867/; classtype:trojan-activity;sid:81582967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.178.92"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719864/; classtype:trojan-activity;sid:81582964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"125.46.166.10"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719863/; classtype:trojan-activity;sid:81582963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"171.125.7.181"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719862/; classtype:trojan-activity;sid:81582962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/invoice/u5pvy8z43v-097462/"; depth:36; endswith; http.host; content:"petlele.co.za"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719861/; classtype:trojan-activity;sid:81582961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"125.43.35.231"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719860/; classtype:trojan-activity;sid:81582960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.46.136.219"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719858/; classtype:trojan-activity;sid:81582958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.113.210.232"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719856/; classtype:trojan-activity;sid:81582956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.116.111.82"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719859/; classtype:trojan-activity;sid:81582959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.120.50.161"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719857/; classtype:trojan-activity;sid:81582957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.125.100"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719855/; classtype:trojan-activity;sid:81582955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.47.47.31"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719854/; classtype:trojan-activity;sid:81582954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.47.85.70"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719852/; classtype:trojan-activity;sid:81582952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.126.85.148"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719853/; classtype:trojan-activity;sid:81582953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.72.195.17"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719851/; classtype:trojan-activity;sid:81582951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.61.111.116"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719849/; classtype:trojan-activity;sid:81582949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.247.101.14"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719850/; classtype:trojan-activity;sid:81582950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.56.129.166"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719843/; classtype:trojan-activity;sid:81582943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.56.219.177"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719845/; classtype:trojan-activity;sid:81582945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.28.212.55"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719846/; classtype:trojan-activity;sid:81582946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"117.211.43.192"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719847/; classtype:trojan-activity;sid:81582947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.211.54.154"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719848/; classtype:trojan-activity;sid:81582948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.189.175.138"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719842/; classtype:trojan-activity;sid:81582942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"124.135.165.168"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719844/; classtype:trojan-activity;sid:81582944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.238.179.188"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719841/; classtype:trojan-activity;sid:81582941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"106.0.58.194"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719839/; classtype:trojan-activity;sid:81582939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"112.27.124.153"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719840/; classtype:trojan-activity;sid:81582940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"103.99.207.151"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719838/; classtype:trojan-activity;sid:81582938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"170.78.38.146"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719837/; classtype:trojan-activity;sid:81582937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"1.0.217.113"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719835/; classtype:trojan-activity;sid:81582935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"110.85.99.222"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719836/; classtype:trojan-activity;sid:81582936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.144.117"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719834/; classtype:trojan-activity;sid:81582934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.48.206.32"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719831/; classtype:trojan-activity;sid:81582931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.54.208.202"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719832/; classtype:trojan-activity;sid:81582932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.55.129.254"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719833/; classtype:trojan-activity;sid:81582933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"27.207.163.140"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719830/; classtype:trojan-activity;sid:81582930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"65.172.242.51"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719828/; classtype:trojan-activity;sid:81582928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shell-tf/inc/znw28j33dmieufz9mkte/"; depth:35; endswith; http.host; content:"h903123025.nichost.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719829/; classtype:trojan-activity;sid:81582929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"27.207.163.140"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719827/; classtype:trojan-activity;sid:81582927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/macd-histogram/llc/ebkmnlzacq26wrc/"; depth:36; endswith; http.host; content:"we-commerce.com.ar"; depth:18; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719826/; classtype:trojan-activity;sid:81582926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"182.112.94.222"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719825/; classtype:trojan-activity;sid:81582925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download-running/overview/bmfxftb/"; depth:35; endswith; http.host; content:"montanamaria.pt"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719824/; classtype:trojan-activity;sid:81582924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"27.206.194.236"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719823/; classtype:trojan-activity;sid:81582923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/etrac/kkg5vzhjyk9ec/"; depth:29; endswith; http.host; content:"itegroup.al"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719822/; classtype:trojan-activity;sid:81582922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.120.161"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719821/; classtype:trojan-activity;sid:81582921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"45.115.255.81"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719820/; classtype:trojan-activity;sid:81582920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"115.58.133.255"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719819/; classtype:trojan-activity;sid:81582919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.230.150.49"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719815/; classtype:trojan-activity;sid:81582915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.93.192"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719817/; classtype:trojan-activity;sid:81582917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.238.168.185"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719818/; classtype:trojan-activity;sid:81582918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.81.223"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719816/; classtype:trojan-activity;sid:81582916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.85.38"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719814/; classtype:trojan-activity;sid:81582914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/3606911157/hz5y5ud5nneimiqwvrw/"; depth:39; endswith; http.host; content:"unitedstarsfa.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719813/; classtype:trojan-activity;sid:81582913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.6.184.188"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719812/; classtype:trojan-activity;sid:81582912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.229.152.235"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719811/; classtype:trojan-activity;sid:81582911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.230.36"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719805/; classtype:trojan-activity;sid:81582905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"190.27.163.27"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719810/; classtype:trojan-activity;sid:81582910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.14.123.201"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719809/; classtype:trojan-activity;sid:81582909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.138.52.94"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719807/; classtype:trojan-activity;sid:81582907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.79.223.91"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719803/; classtype:trojan-activity;sid:81582903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.20.78"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719804/; classtype:trojan-activity;sid:81582904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.229.189.239"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719806/; classtype:trojan-activity;sid:81582906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.230.101.175"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719808/; classtype:trojan-activity;sid:81582908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"219.154.183.168"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719802/; classtype:trojan-activity;sid:81582902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.4.245.128"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719799/; classtype:trojan-activity;sid:81582899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.114.87.227"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719801/; classtype:trojan-activity;sid:81582901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.202.63"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719800/; classtype:trojan-activity;sid:81582900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.96.152.226"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719798/; classtype:trojan-activity;sid:81582898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.249.114.118"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719795/; classtype:trojan-activity;sid:81582895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.116.224.204"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719796/; classtype:trojan-activity;sid:81582896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.74.135.97"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719797/; classtype:trojan-activity;sid:81582897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.118.24.78"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719794/; classtype:trojan-activity;sid:81582894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/llc/sklmy6wbyokxncs/"; depth:30; endswith; http.host; content:"napolice.info"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719793/; classtype:trojan-activity;sid:81582893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.17.152.195"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719791/; classtype:trojan-activity;sid:81582891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.222.167.66"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719792/; classtype:trojan-activity;sid:81582892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"113.81.114.92"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719790/; classtype:trojan-activity;sid:81582890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.49.215.106"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719789/; classtype:trojan-activity;sid:81582889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.48.191.172"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719786/; classtype:trojan-activity;sid:81582886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.55.131.58"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719788/; classtype:trojan-activity;sid:81582888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.123.172.12"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719787/; classtype:trojan-activity;sid:81582887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"39.73.111.242"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719785/; classtype:trojan-activity;sid:81582885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/zng0p3kppt/6276930748/hyhpucqg/"; depth:41; endswith; http.host; content:"phonghanh.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719784/; classtype:trojan-activity;sid:81582884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"86.136.28.196"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719783/; classtype:trojan-activity;sid:81582883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"42.224.141.162"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719782/; classtype:trojan-activity;sid:81582882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"182.112.94.222"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719781/; classtype:trojan-activity;sid:81582881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"42.235.139.154"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719780/; classtype:trojan-activity;sid:81582880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"119.167.29.232"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719778/; classtype:trojan-activity;sid:81582878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/llc/vcbilqafimxfcvbz/"; depth:34; endswith; http.host; content:"irangamelub.ir"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719779/; classtype:trojan-activity;sid:81582879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/iz/"; depth:15; endswith; http.host; content:"wizzdomhub.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719776/; classtype:trojan-activity;sid:81582876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/we/"; depth:16; endswith; http.host; content:"yixuecourse.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719777/; classtype:trojan-activity;sid:81582877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scss/bhd/"; depth:10; endswith; http.host; content:"zionimmigration.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719775/; classtype:trojan-activity;sid:81582875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pms/application/language/e/"; depth:28; endswith; http.host; content:"estylohouse.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719774/; classtype:trojan-activity;sid:81582874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/5h/"; depth:13; endswith; http.host; content:"layagroup.net"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719773/; classtype:trojan-activity;sid:81582873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/4y/"; depth:15; endswith; http.host; content:"77wins.club"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719771/; classtype:trojan-activity;sid:81582871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/1/"; depth:14; endswith; http.host; content:"vivoslotpulsa.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719772/; classtype:trojan-activity;sid:81582872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brightline-accident/doc/t8vpzde0quqjiwt7ppe/"; depth:45; endswith; http.host; content:"addmich.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719770/; classtype:trojan-activity;sid:81582870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/pages/wc5jed0v6pe/"; depth:28; endswith; http.host; content:"eynolghozat.ir"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719769/; classtype:trojan-activity;sid:81582869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/album_566862f3144d2b5a0923fc916423dd7a/dccvyhzel/"; depth:50; endswith; http.host; content:"eco100cia.com.mx"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719768/; classtype:trojan-activity;sid:81582868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"183.97.165.43"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719767/; classtype:trojan-activity;sid:81582867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"41.86.21.36"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719766/; classtype:trojan-activity;sid:81582866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"39.68.75.225"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719765/; classtype:trojan-activity;sid:81582865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.19.105"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719764/; classtype:trojan-activity;sid:81582864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.88.39.129"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719763/; classtype:trojan-activity;sid:81582863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.230.88.45"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719762/; classtype:trojan-activity;sid:81582862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.7.160.57"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719757/; classtype:trojan-activity;sid:81582857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.232.118.164"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719758/; classtype:trojan-activity;sid:81582858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"58.231.131.20"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719761/; classtype:trojan-activity;sid:81582861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.123.27"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719760/; classtype:trojan-activity;sid:81582860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.109.253"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719759/; classtype:trojan-activity;sid:81582859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.207.159.241"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719753/; classtype:trojan-activity;sid:81582853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.81.94.75"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719754/; classtype:trojan-activity;sid:81582854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.230.224.210"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719756/; classtype:trojan-activity;sid:81582856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.231.127.132"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719752/; classtype:trojan-activity;sid:81582852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.180.160.17"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719755/; classtype:trojan-activity;sid:81582855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.119.10.217"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719751/; classtype:trojan-activity;sid:81582851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"124.129.169.32"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719750/; classtype:trojan-activity;sid:81582850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"124.131.93.62"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719749/; classtype:trojan-activity;sid:81582849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.4.208.21"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719748/; classtype:trojan-activity;sid:81582848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.41.140.213"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719741/; classtype:trojan-activity;sid:81582841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.112.22.121"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719745/; classtype:trojan-activity;sid:81582845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.113.207.182"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719744/; classtype:trojan-activity;sid:81582844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.113.30.19"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719743/; classtype:trojan-activity;sid:81582843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.119.178.12"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719746/; classtype:trojan-activity;sid:81582846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.126.99.189"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719747/; classtype:trojan-activity;sid:81582847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.141.174.215"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719742/; classtype:trojan-activity;sid:81582842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.209.182"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719740/; classtype:trojan-activity;sid:81582840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prayers-to/overview/jpzwxdduj9/"; depth:32; endswith; http.host; content:"gogvopviks.ml"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719739/; classtype:trojan-activity;sid:81582839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"103.82.148.233"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719737/; classtype:trojan-activity;sid:81582837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.222.162.156"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719738/; classtype:trojan-activity;sid:81582838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.255.72.130"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719734/; classtype:trojan-activity;sid:81582834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.159.10"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719733/; classtype:trojan-activity;sid:81582833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.54.241.156"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719736/; classtype:trojan-activity;sid:81582836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.56.148.43"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719732/; classtype:trojan-activity;sid:81582832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.75.195.192"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719731/; classtype:trojan-activity;sid:81582831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.192.225.251"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719735/; classtype:trojan-activity;sid:81582835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.123.216.171"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719730/; classtype:trojan-activity;sid:81582830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.167.38.215"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719729/; classtype:trojan-activity;sid:81582829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"187.103.81.58"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719728/; classtype:trojan-activity;sid:81582828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"42.224.141.162"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719727/; classtype:trojan-activity;sid:81582827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"39.73.111.242"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719726/; classtype:trojan-activity;sid:81582826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foodcrushbyaarushi.com/balance/vwmef/"; depth:38; endswith; http.host; content:"foodcrushbyaarushi.com"; depth:22; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719725/; classtype:trojan-activity;sid:81582825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/urology-away/9niscvqxk38aytsal/"; depth:32; endswith; http.host; content:"trukoradio.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719724/; classtype:trojan-activity;sid:81582824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"117.222.164.84"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719723/; classtype:trojan-activity;sid:81582823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins//cfcucoff.x86"; depth:19; endswith; http.host; content:"185.172.111.202"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719722/; classtype:trojan-activity;sid:81582822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/llc/gu24dlcofg/"; depth:23; endswith; http.host; content:"webinar-service.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719721/; classtype:trojan-activity;sid:81582821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"42.235.158.234"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719720/; classtype:trojan-activity;sid:81582820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.99.41.59"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719719/; classtype:trojan-activity;sid:81582819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.6.79.242"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719718/; classtype:trojan-activity;sid:81582818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"45.168.226.123"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719717/; classtype:trojan-activity;sid:81582817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.207.249.232"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719716/; classtype:trojan-activity;sid:81582816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"39.74.106.181"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719715/; classtype:trojan-activity;sid:81582815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"59.94.182.12"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719714/; classtype:trojan-activity;sid:81582814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"59.93.239.169"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719713/; classtype:trojan-activity;sid:81582813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.141.47.250"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719711/; classtype:trojan-activity;sid:81582811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"31.163.164.213"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719706/; classtype:trojan-activity;sid:81582806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"42.224.174.129"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719709/; classtype:trojan-activity;sid:81582809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.224.24.106"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719712/; classtype:trojan-activity;sid:81582812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.230.217.13"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719710/; classtype:trojan-activity;sid:81582810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"42.232.44.82"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719705/; classtype:trojan-activity;sid:81582805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.123.16"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719708/; classtype:trojan-activity;sid:81582808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.179.32"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719707/; classtype:trojan-activity;sid:81582807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.56.81.48"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719704/; classtype:trojan-activity;sid:81582804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.15.63.93"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719703/; classtype:trojan-activity;sid:81582803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"27.207.68.53"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719702/; classtype:trojan-activity;sid:81582802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.77.154"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719701/; classtype:trojan-activity;sid:81582801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.56.49.245"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719699/; classtype:trojan-activity;sid:81582799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.59.117.24"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719698/; classtype:trojan-activity;sid:81582798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.137.194.169"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719700/; classtype:trojan-activity;sid:81582800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"180.214.135.72"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719697/; classtype:trojan-activity;sid:81582797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.113.222.233"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719692/; classtype:trojan-activity;sid:81582792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.120.144.54"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719695/; classtype:trojan-activity;sid:81582795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.120.167.39"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719696/; classtype:trojan-activity;sid:81582796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.131.64"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719693/; classtype:trojan-activity;sid:81582793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.85.31"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719694/; classtype:trojan-activity;sid:81582794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.72.91.109"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719691/; classtype:trojan-activity;sid:81582791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.213.47.120"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719690/; classtype:trojan-activity;sid:81582790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.5.151.135"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719689/; classtype:trojan-activity;sid:81582789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/report/mn/"; depth:14; endswith; http.host; content:"mribeiroinformatica.com.br"; depth:26; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719688/; classtype:trojan-activity;sid:81582788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"119.56.144.135"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719687/; classtype:trojan-activity;sid:81582787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.56.56.129"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719683/; classtype:trojan-activity;sid:81582783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.99.199.26"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719685/; classtype:trojan-activity;sid:81582785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"117.202.79.31"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719682/; classtype:trojan-activity;sid:81582782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"119.183.27.190"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719680/; classtype:trojan-activity;sid:81582780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"121.61.97.62"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719681/; classtype:trojan-activity;sid:81582781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.41.182.9"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719686/; classtype:trojan-activity;sid:81582786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.41.79.26"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719684/; classtype:trojan-activity;sid:81582784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.42.121.156"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719679/; classtype:trojan-activity;sid:81582779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.242.117.88"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719678/; classtype:trojan-activity;sid:81582778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.242.177.4"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719677/; classtype:trojan-activity;sid:81582777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"103.207.1.146"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719674/; classtype:trojan-activity;sid:81582774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.53.227.65"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719675/; classtype:trojan-activity;sid:81582775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.59.191.107"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719676/; classtype:trojan-activity;sid:81582776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.48.145.110"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719673/; classtype:trojan-activity;sid:81582773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"109.207.107.135"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719670/; classtype:trojan-activity;sid:81582770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.229.33.149"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719668/; classtype:trojan-activity;sid:81582768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.242.93.160"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719671/; classtype:trojan-activity;sid:81582771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.247.101.71"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719672/; classtype:trojan-activity;sid:81582772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.50.41.114"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719669/; classtype:trojan-activity;sid:81582769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"5.42.92.71"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719667/; classtype:trojan-activity;sid:81582767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/cv6cv89w"; depth:13; endswith; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719666/; classtype:trojan-activity;sid:81582766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/public/hb9q43gnlhpdpi/"; depth:31; endswith; http.host; content:"support.bunchful.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719665/; classtype:trojan-activity;sid:81582765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"42.235.158.234"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719664/; classtype:trojan-activity;sid:81582764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/05lqe52ic/"; depth:14; endswith; http.host; content:"suventa.com.mx"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719663/; classtype:trojan-activity;sid:81582763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/is-gasoline/swift/892978/7igv0gw-0096585/"; depth:42; endswith; http.host; content:"soucho.pk"; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719662/; classtype:trojan-activity;sid:81582762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"59.92.181.104"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719661/; classtype:trojan-activity;sid:81582761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.119.219"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719659/; classtype:trojan-activity;sid:81582759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.116.235"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719658/; classtype:trojan-activity;sid:81582758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"92.54.237.61"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719660/; classtype:trojan-activity;sid:81582760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"27.207.68.53"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719657/; classtype:trojan-activity;sid:81582757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.227.243.77"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719654/; classtype:trojan-activity;sid:81582754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.228.192.249"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719656/; classtype:trojan-activity;sid:81582756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"43.247.30.228"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719655/; classtype:trojan-activity;sid:81582755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"182.59.189.188"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719653/; classtype:trojan-activity;sid:81582753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"218.150.243.158"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719652/; classtype:trojan-activity;sid:81582752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"219.157.133.32"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719651/; classtype:trojan-activity;sid:81582751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.15.11.9"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719648/; classtype:trojan-activity;sid:81582748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.74.186.174"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719649/; classtype:trojan-activity;sid:81582749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.194.109.148"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719646/; classtype:trojan-activity;sid:81582746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.207.193.184"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719650/; classtype:trojan-activity;sid:81582750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.210.129.21"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719647/; classtype:trojan-activity;sid:81582747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.114.94.93"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719643/; classtype:trojan-activity;sid:81582743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.49.70"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719644/; classtype:trojan-activity;sid:81582744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"187.103.81.58"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719645/; classtype:trojan-activity;sid:81582745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.119.202.11"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719642/; classtype:trojan-activity;sid:81582742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.44.180.213"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719641/; classtype:trojan-activity;sid:81582741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.44.74.142"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719639/; classtype:trojan-activity;sid:81582739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.46.197.151"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719637/; classtype:trojan-activity;sid:81582737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.112.26.185"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719638/; classtype:trojan-activity;sid:81582738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.186.241"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719640/; classtype:trojan-activity;sid:81582740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.127.178.88"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719636/; classtype:trojan-activity;sid:81582736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.41.97.88"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719634/; classtype:trojan-activity;sid:81582734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.114.86.245"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719635/; classtype:trojan-activity;sid:81582735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.116.65.233"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719633/; classtype:trojan-activity;sid:81582733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"116.72.203.89"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719632/; classtype:trojan-activity;sid:81582732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.59.164.135"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719631/; classtype:trojan-activity;sid:81582731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"103.97.138.249"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719630/; classtype:trojan-activity;sid:81582730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"116.26.34.14"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719629/; classtype:trojan-activity;sid:81582729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.238.149.210"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719620/; classtype:trojan-activity;sid:81582720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.248.191.180"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719621/; classtype:trojan-activity;sid:81582721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"114.238.181.50"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719628/; classtype:trojan-activity;sid:81582728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.103.4"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719623/; classtype:trojan-activity;sid:81582723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.50.22.16"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719627/; classtype:trojan-activity;sid:81582727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"115.50.47.127"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719626/; classtype:trojan-activity;sid:81582726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.61.175.112"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719622/; classtype:trojan-activity;sid:81582722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.14.26.69"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719625/; classtype:trojan-activity;sid:81582725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.4.179.75"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719624/; classtype:trojan-activity;sid:81582724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/esp/odtsgudjxpwrtyo/"; depth:24; endswith; http.host; content:"menusdigitales.teksi.mx"; depth:23; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719619/; classtype:trojan-activity;sid:81582719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux14.cab"; depth:41; endswith; http.host; content:"ym5zuxo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719618/; classtype:trojan-activity;sid:81582718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/documentation/tjmsrzqur4x/"; depth:38; endswith; http.host; content:"forcesight.in"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719617/; classtype:trojan-activity;sid:81582717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/indexing/esp/awwsr/"; depth:20; endswith; http.host; content:"thinkapply.co.uk"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719616/; classtype:trojan-activity;sid:81582716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux11.cab"; depth:41; endswith; http.host; content:"ym5zuxo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719615/; classtype:trojan-activity;sid:81582715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux16.cab"; depth:41; endswith; http.host; content:"ym5zuxo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719613/; classtype:trojan-activity;sid:81582713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux17.cab"; depth:41; endswith; http.host; content:"ym5zuxo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719614/; classtype:trojan-activity;sid:81582714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux12.cab"; depth:41; endswith; http.host; content:"ym5zuxo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719611/; classtype:trojan-activity;sid:81582711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux13.cab"; depth:41; endswith; http.host; content:"ym5zuxo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719612/; classtype:trojan-activity;sid:81582712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux15.cab"; depth:41; endswith; http.host; content:"ym5zuxo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719610/; classtype:trojan-activity;sid:81582710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux18.cab"; depth:41; endswith; http.host; content:"ym5zuxo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719609/; classtype:trojan-activity;sid:81582709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux12.cab"; depth:41; endswith; http.host; content:"xydf0m.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719606/; classtype:trojan-activity;sid:81582706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux10.cab"; depth:41; endswith; http.host; content:"ym5zuxo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719607/; classtype:trojan-activity;sid:81582707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux6.cab"; depth:40; endswith; http.host; content:"ym5zuxo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719608/; classtype:trojan-activity;sid:81582708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"86.136.28.196"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719605/; classtype:trojan-activity;sid:81582705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux14.cab"; depth:41; endswith; http.host; content:"xydf0m.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719604/; classtype:trojan-activity;sid:81582704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux4.cab"; depth:40; endswith; http.host; content:"xydf0m.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719602/; classtype:trojan-activity;sid:81582702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux5.cab"; depth:40; endswith; http.host; content:"xydf0m.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719600/; classtype:trojan-activity;sid:81582700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux7.cab"; depth:40; endswith; http.host; content:"xydf0m.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719601/; classtype:trojan-activity;sid:81582701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux4.cab"; depth:40; endswith; http.host; content:"ym5zuxo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719603/; classtype:trojan-activity;sid:81582703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux10.cab"; depth:41; endswith; http.host; content:"xydf0m.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719598/; classtype:trojan-activity;sid:81582698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux11.cab"; depth:41; endswith; http.host; content:"xydf0m.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719595/; classtype:trojan-activity;sid:81582695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux6.cab"; depth:40; endswith; http.host; content:"xydf0m.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719594/; classtype:trojan-activity;sid:81582694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux1.cab"; depth:40; endswith; http.host; content:"ym5zuxo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719597/; classtype:trojan-activity;sid:81582697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux3.cab"; depth:40; endswith; http.host; content:"ym5zuxo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719596/; classtype:trojan-activity;sid:81582696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux9.cab"; depth:40; endswith; http.host; content:"ym5zuxo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719599/; classtype:trojan-activity;sid:81582699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux15.cab"; depth:41; endswith; http.host; content:"xydf0m.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719588/; classtype:trojan-activity;sid:81582688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux16.cab"; depth:41; endswith; http.host; content:"xydf0m.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719593/; classtype:trojan-activity;sid:81582693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux2.cab"; depth:40; endswith; http.host; content:"ym5zuxo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719591/; classtype:trojan-activity;sid:81582691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux5.cab"; depth:40; endswith; http.host; content:"ym5zuxo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719589/; classtype:trojan-activity;sid:81582689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux7.cab"; depth:40; endswith; http.host; content:"ym5zuxo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719590/; classtype:trojan-activity;sid:81582690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux8.cab"; depth:40; endswith; http.host; content:"ym5zuxo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719592/; classtype:trojan-activity;sid:81582692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux13.cab"; depth:41; endswith; http.host; content:"xydf0m.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719587/; classtype:trojan-activity;sid:81582687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux17.cab"; depth:41; endswith; http.host; content:"xydf0m.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719584/; classtype:trojan-activity;sid:81582684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux18.cab"; depth:41; endswith; http.host; content:"xydf0m.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719586/; classtype:trojan-activity;sid:81582686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux8.cab"; depth:40; endswith; http.host; content:"xydf0m.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719583/; classtype:trojan-activity;sid:81582683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux9.cab"; depth:40; endswith; http.host; content:"xydf0m.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719585/; classtype:trojan-activity;sid:81582685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux1.cab"; depth:40; endswith; http.host; content:"xydf0m.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719582/; classtype:trojan-activity;sid:81582682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux2.cab"; depth:40; endswith; http.host; content:"xydf0m.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719580/; classtype:trojan-activity;sid:81582680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biwe_zibofyra/ripy_lani.phpl=qedux3.cab"; depth:40; endswith; http.host; content:"xydf0m.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719581/; classtype:trojan-activity;sid:81582681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"112.237.89.236"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719578/; classtype:trojan-activity;sid:81582678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/doc/34fid8phvbm5/"; depth:26; endswith; http.host; content:"kusa.co.in"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719579/; classtype:trojan-activity;sid:81582679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"119.56.144.65"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719577/; classtype:trojan-activity;sid:81582677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; http.host; content:"42.232.44.82"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719576/; classtype:trojan-activity;sid:81582676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; http.host; content:"160.178.91.36"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719575/; classtype:trojan-activity;sid:81582675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.243.127.68"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719574/; classtype:trojan-activity;sid:81582674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.137.159.185"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719573/; classtype:trojan-activity;sid:81582673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"45.170.198.254"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719571/; classtype:trojan-activity;sid:81582671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/document/mf417zr7hzinzayf/"; depth:30; endswith; http.host; content:"byeold.ir"; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719572/; classtype:trojan-activity;sid:81582672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.7.173.172"; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719568/; classtype:trojan-activity;sid:81582668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.82.227.129"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719567/; classtype:trojan-activity;sid:81582667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.214.87.249"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719570/; classtype:trojan-activity;sid:81582670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.215.220.196"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719569/; classtype:trojan-activity;sid:81582669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.235.179.218"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719566/; classtype:trojan-activity;sid:81582666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.0.37"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719564/; classtype:trojan-activity;sid:81582664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.53.124.153"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719565/; classtype:trojan-activity;sid:81582665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"180.136.107.39"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719563/; classtype:trojan-activity;sid:81582663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.114.126.204"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719560/; classtype:trojan-activity;sid:81582660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.116.101.145"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719562/; classtype:trojan-activity;sid:81582662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.58.232.26"; depth:13; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719561/; classtype:trojan-activity;sid:81582661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; http.host; content:"182.113.202.121"; depth:15; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719558/; classtype:trojan-activity;sid:81582658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (719557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.67.122"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_19; reference:url, urlhaus.abuse.ch/url/719557/; classtype:trojan-activity;si