################################################################ # abuse.ch URLhaus IDS ruleset (Suricata only) # # Last updated: 2021-12-02 09:38:04 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.236.230.213"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844351/; classtype:trojan-activity;sid:82707451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.127.203"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844350/; classtype:trojan-activity;sid:82707450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.147.202"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844349/; classtype:trojan-activity;sid:82707449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.14.46"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844348/; classtype:trojan-activity;sid:82707448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.74.155"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844347/; classtype:trojan-activity;sid:82707447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.88.231"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844345/; classtype:trojan-activity;sid:82707445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.82.3"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844346/; classtype:trojan-activity;sid:82707446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.113.239"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844343/; classtype:trojan-activity;sid:82707443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.214.146.18"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844344/; classtype:trojan-activity;sid:82707444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.69.68"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844342/; classtype:trojan-activity;sid:82707442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.92.3"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844341/; classtype:trojan-activity;sid:82707441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.172.39"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844340/; classtype:trojan-activity;sid:82707440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.88.31"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844337/; classtype:trojan-activity;sid:82707437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.165.126"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844338/; classtype:trojan-activity;sid:82707438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.3.155"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844339/; classtype:trojan-activity;sid:82707439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/znppbz73odugi1v/8.doc/file"; depth:32; endswith; nocase; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844336/; classtype:trojan-activity;sid:82707436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.240.139.66"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844335/; classtype:trojan-activity;sid:82707435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.196.199"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844334/; classtype:trojan-activity;sid:82707434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.81.136.50"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844332/; classtype:trojan-activity;sid:82707432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/66v0m70xswjq7xo/9.doc/file"; depth:32; endswith; nocase; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844333/; classtype:trojan-activity;sid:82707433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.249.117"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844331/; classtype:trojan-activity;sid:82707431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.236.139.81"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844329/; classtype:trojan-activity;sid:82707429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.250.104.98"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844330/; classtype:trojan-activity;sid:82707430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1010/vbc.exe"; depth:13; endswith; nocase; http.host; content:"172.93.164.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844327/; classtype:trojan-activity;sid:82707427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/ptisxpgwuivaqxi/25.doc/file"; depth:33; endswith; nocase; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844326/; classtype:trojan-activity;sid:82707426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ugd/8db3b9_92ec48660f134f3bb502662383ca4ffb.txt|3f|dn=rendomtext"; depth:65; endswith; nocase; http.host; content:"8db3b91a-ea93-419b-b51b-0a69902759c5.usrfiles.com"; depth:49; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844324/; classtype:trojan-activity;sid:82707424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/swagkarna/bypass-tamper-protection/main/nsudo.exe"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844325/; classtype:trojan-activity;sid:82707425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.232.3"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844322/; classtype:trojan-activity;sid:82707422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/csn7w5ayankpwte/5.doc/file"; depth:32; endswith; nocase; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844321/; classtype:trojan-activity;sid:82707421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.166.171"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844320/; classtype:trojan-activity;sid:82707420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.238.189.11"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844319/; classtype:trojan-activity;sid:82707419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.182.178"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844318/; classtype:trojan-activity;sid:82707418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6209_1638342585_2277.exe"; depth:31; endswith; nocase; http.host; content:"host-file-host-3.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844317/; classtype:trojan-activity;sid:82707417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.29.147.167"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844316/; classtype:trojan-activity;sid:82707416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.33.62.109"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844315/; classtype:trojan-activity;sid:82707415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.241.246"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844314/; classtype:trojan-activity;sid:82707414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.20.107"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844312/; classtype:trojan-activity;sid:82707412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.82.143.8"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844313/; classtype:trojan-activity;sid:82707413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.176.53.203"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844311/; classtype:trojan-activity;sid:82707411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.44.170"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844310/; classtype:trojan-activity;sid:82707410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.143.131"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844309/; classtype:trojan-activity;sid:82707409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.40.119.195"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844308/; classtype:trojan-activity;sid:82707408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.224.168.20"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844307/; classtype:trojan-activity;sid:82707407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.211.193"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844306/; classtype:trojan-activity;sid:82707406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"49.89.199.31"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844305/; classtype:trojan-activity;sid:82707405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"62.97.176.135"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844304/; classtype:trojan-activity;sid:82707404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.86.205"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844303/; classtype:trojan-activity;sid:82707403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.150.141.131"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844302/; classtype:trojan-activity;sid:82707402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.72.177"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844301/; classtype:trojan-activity;sid:82707401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.68.60"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844300/; classtype:trojan-activity;sid:82707400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.196.57"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844299/; classtype:trojan-activity;sid:82707399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.249.68.188"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844298/; classtype:trojan-activity;sid:82707398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.10.116"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844296/; classtype:trojan-activity;sid:82707396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.5.140"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844297/; classtype:trojan-activity;sid:82707397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.97.194.247"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844294/; classtype:trojan-activity;sid:82707394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.154.186"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844295/; classtype:trojan-activity;sid:82707395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.8.204.121"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844292/; classtype:trojan-activity;sid:82707392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.96.22.24"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844293/; classtype:trojan-activity;sid:82707393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.10.47"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844291/; classtype:trojan-activity;sid:82707391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.83.111"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844289/; classtype:trojan-activity;sid:82707389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tegz/q277ag7fkn9pacawdfflgnbeuaqged8i/bawextqogyaazlr/au1xerru1fitjjv8bbaquem65smqxyvyd/64063/g6fjylghrvwp7s1tvhnzdv/xcjcycjbx8tpaalshidax85peq/cab3"; depth:149; endswith; nocase; http.host; content:"winrentals2017b.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844288/; classtype:trojan-activity;sid:82707388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"118.173.224.54"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844287/; classtype:trojan-activity;sid:82707387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.150.105.82"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844286/; classtype:trojan-activity;sid:82707386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.170.140"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844285/; classtype:trojan-activity;sid:82707385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.65.39"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844281/; classtype:trojan-activity;sid:82707381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.3.155"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844282/; classtype:trojan-activity;sid:82707382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.217.38"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844278/; classtype:trojan-activity;sid:82707378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.244.172"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844279/; classtype:trojan-activity;sid:82707379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.141.242"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844280/; classtype:trojan-activity;sid:82707380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.212.140"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844276/; classtype:trojan-activity;sid:82707376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.249.84.24"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844277/; classtype:trojan-activity;sid:82707377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.170.248.109"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844274/; classtype:trojan-activity;sid:82707374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.188.133.179"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844273/; classtype:trojan-activity;sid:82707373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.180.25"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844272/; classtype:trojan-activity;sid:82707372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.14.35.123"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844271/; classtype:trojan-activity;sid:82707371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.48.88"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844269/; classtype:trojan-activity;sid:82707369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.238.189.11"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844268/; classtype:trojan-activity;sid:82707368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.71.76"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844266/; classtype:trojan-activity;sid:82707366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.53.137"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844267/; classtype:trojan-activity;sid:82707367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.168.152"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844265/; classtype:trojan-activity;sid:82707365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"192.3.118.107"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844264/; classtype:trojan-activity;sid:82707364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.176.53.203"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844263/; classtype:trojan-activity;sid:82707363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.29.147.167"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844262/; classtype:trojan-activity;sid:82707362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.75.190"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844261/; classtype:trojan-activity;sid:82707361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.103.159"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844257/; classtype:trojan-activity;sid:82707357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.44.155"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844255/; classtype:trojan-activity;sid:82707355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.82.143.8"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844256/; classtype:trojan-activity;sid:82707356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.21.194"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844254/; classtype:trojan-activity;sid:82707354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.193.230"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844253/; classtype:trojan-activity;sid:82707353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"87.133.208.108"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844252/; classtype:trojan-activity;sid:82707352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.46.218"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844249/; classtype:trojan-activity;sid:82707349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"184.67.99.154"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844248/; classtype:trojan-activity;sid:82707348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.137.104.10"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844247/; classtype:trojan-activity;sid:82707347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.95.76.39"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844246/; classtype:trojan-activity;sid:82707346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.194.227.2"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844244/; classtype:trojan-activity;sid:82707344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.33.129.158"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844245/; classtype:trojan-activity;sid:82707345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.9.244"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844243/; classtype:trojan-activity;sid:82707343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.168.10"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844242/; classtype:trojan-activity;sid:82707342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.82.0"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844241/; classtype:trojan-activity;sid:82707341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.239.203"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844237/; classtype:trojan-activity;sid:82707337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.194.239"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844238/; classtype:trojan-activity;sid:82707338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.139.63"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844239/; classtype:trojan-activity;sid:82707339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.84.115.93"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844240/; classtype:trojan-activity;sid:82707340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.223.86.101"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844234/; classtype:trojan-activity;sid:82707334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.210.143"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844235/; classtype:trojan-activity;sid:82707335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.202.65"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844236/; classtype:trojan-activity;sid:82707336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.87.199.38"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844233/; classtype:trojan-activity;sid:82707333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.223.149.199"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844232/; classtype:trojan-activity;sid:82707332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.228.143.112"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844231/; classtype:trojan-activity;sid:82707331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sqlite3.dll"; depth:12; endswith; nocase; http.host; content:"guseyn.space"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844230/; classtype:trojan-activity;sid:82707330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/freebl3.dll"; depth:12; endswith; nocase; http.host; content:"guseyn.space"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844229/; classtype:trojan-activity;sid:82707329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vcruntime140.dll"; depth:17; endswith; nocase; http.host; content:"guseyn.space"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844224/; classtype:trojan-activity;sid:82707324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msvcp140.dll"; depth:13; endswith; nocase; http.host; content:"guseyn.space"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844225/; classtype:trojan-activity;sid:82707325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softokn3.dll"; depth:13; endswith; nocase; http.host; content:"guseyn.space"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844226/; classtype:trojan-activity;sid:82707326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nss3.dll"; depth:9; endswith; nocase; http.host; content:"guseyn.space"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844227/; classtype:trojan-activity;sid:82707327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozglue.dll"; depth:12; endswith; nocase; http.host; content:"guseyn.space"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844228/; classtype:trojan-activity;sid:82707328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.193.97"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844223/; classtype:trojan-activity;sid:82707323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.69.53"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844222/; classtype:trojan-activity;sid:82707322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.90.202"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844221/; classtype:trojan-activity;sid:82707321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.10.47"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844220/; classtype:trojan-activity;sid:82707320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.21.194"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844219/; classtype:trojan-activity;sid:82707319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.68.136.108"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844218/; classtype:trojan-activity;sid:82707318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.40.117"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844217/; classtype:trojan-activity;sid:82707317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.31.5"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844216/; classtype:trojan-activity;sid:82707316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.223.84"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844214/; classtype:trojan-activity;sid:82707314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.146.80"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844211/; classtype:trojan-activity;sid:82707311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.152.175"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844212/; classtype:trojan-activity;sid:82707312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.16.80"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844210/; classtype:trojan-activity;sid:82707310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.44.71.123"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844208/; classtype:trojan-activity;sid:82707308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.40.89.246"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844209/; classtype:trojan-activity;sid:82707309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/chz7hwxww3pf86n/2.doc/file"; depth:32; endswith; nocase; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844206/; classtype:trojan-activity;sid:82707306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.59.251.157"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844207/; classtype:trojan-activity;sid:82707307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.119.60"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844205/; classtype:trojan-activity;sid:82707305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.174.131"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844202/; classtype:trojan-activity;sid:82707302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.163.151"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844203/; classtype:trojan-activity;sid:82707303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.70.138"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844201/; classtype:trojan-activity;sid:82707301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.221.80"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844198/; classtype:trojan-activity;sid:82707298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.23.148"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844197/; classtype:trojan-activity;sid:82707297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.71.242"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844196/; classtype:trojan-activity;sid:82707296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.51.107"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844195/; classtype:trojan-activity;sid:82707295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.75.190"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844194/; classtype:trojan-activity;sid:82707294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.43.116.73"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844193/; classtype:trojan-activity;sid:82707293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"184.67.99.154"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844192/; classtype:trojan-activity;sid:82707292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.17.185"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844191/; classtype:trojan-activity;sid:82707291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.84.119"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844190/; classtype:trojan-activity;sid:82707290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.252.182.90"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844188/; classtype:trojan-activity;sid:82707288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.150.71"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844187/; classtype:trojan-activity;sid:82707287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.49.151"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844186/; classtype:trojan-activity;sid:82707286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.133.208.108"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844184/; classtype:trojan-activity;sid:82707284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.172.136.42"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844183/; classtype:trojan-activity;sid:82707283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.59.181.172"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844182/; classtype:trojan-activity;sid:82707282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.121.5.22"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844180/; classtype:trojan-activity;sid:82707280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.189.247"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844181/; classtype:trojan-activity;sid:82707281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.121.137.88"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844179/; classtype:trojan-activity;sid:82707279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.44.48"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844178/; classtype:trojan-activity;sid:82707278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.40.122.154"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844177/; classtype:trojan-activity;sid:82707277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.131.133.204"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844176/; classtype:trojan-activity;sid:82707276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.85.164.211"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844175/; classtype:trojan-activity;sid:82707275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.153.98"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844173/; classtype:trojan-activity;sid:82707273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.230.66"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844174/; classtype:trojan-activity;sid:82707274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.197.1"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844172/; classtype:trojan-activity;sid:82707272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"101.205.8.155"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844171/; classtype:trojan-activity;sid:82707271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.199.247"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844169/; classtype:trojan-activity;sid:82707269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.102.131.164"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844168/; classtype:trojan-activity;sid:82707268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.218.216.70"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844167/; classtype:trojan-activity;sid:82707267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.70.138"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844164/; classtype:trojan-activity;sid:82707264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.44.173"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844162/; classtype:trojan-activity;sid:82707262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.52.79.168"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844159/; classtype:trojan-activity;sid:82707259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.23.148"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844158/; classtype:trojan-activity;sid:82707258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.215.190.122"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844157/; classtype:trojan-activity;sid:82707257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.207.239"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844156/; classtype:trojan-activity;sid:82707256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.82.45"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844154/; classtype:trojan-activity;sid:82707254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.77.166"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844155/; classtype:trojan-activity;sid:82707255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"2.196.128.177"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844153/; classtype:trojan-activity;sid:82707253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.40.119.54"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844151/; classtype:trojan-activity;sid:82707251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.174.94"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844152/; classtype:trojan-activity;sid:82707252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.248.106"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844150/; classtype:trojan-activity;sid:82707250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.238.250.212"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844149/; classtype:trojan-activity;sid:82707249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.47.77.79"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844148/; classtype:trojan-activity;sid:82707248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.67.23"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844147/; classtype:trojan-activity;sid:82707247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.67.252"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844146/; classtype:trojan-activity;sid:82707246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.241.184.157"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844144/; classtype:trojan-activity;sid:82707244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.180.19.79"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844145/; classtype:trojan-activity;sid:82707245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.174.137"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844142/; classtype:trojan-activity;sid:82707242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.135.171"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844143/; classtype:trojan-activity;sid:82707243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.214.6"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844141/; classtype:trojan-activity;sid:82707241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.125.32.77"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844138/; classtype:trojan-activity;sid:82707238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.215.59"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844139/; classtype:trojan-activity;sid:82707239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.9.119"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844140/; classtype:trojan-activity;sid:82707240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.134.54"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844137/; classtype:trojan-activity;sid:82707237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.146.119"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844136/; classtype:trojan-activity;sid:82707236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc9sh4"; depth:7; endswith; nocase; http.host; content:"23.94.36.134"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844134/; classtype:trojan-activity;sid:82707234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc9ppc"; depth:7; endswith; nocase; http.host; content:"23.94.36.134"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844135/; classtype:trojan-activity;sid:82707235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc9i586"; depth:8; endswith; nocase; http.host; content:"23.94.36.134"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844131/; classtype:trojan-activity;sid:82707231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc9adc"; depth:7; endswith; nocase; http.host; content:"23.94.36.134"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844132/; classtype:trojan-activity;sid:82707232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc9mpsl"; depth:8; endswith; nocase; http.host; content:"23.94.36.134"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844133/; classtype:trojan-activity;sid:82707233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.17.185"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844130/; classtype:trojan-activity;sid:82707230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.190.241.223"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844126/; classtype:trojan-activity;sid:82707226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc9cco"; depth:7; endswith; nocase; http.host; content:"23.94.36.134"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844127/; classtype:trojan-activity;sid:82707227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc9x86"; depth:7; endswith; nocase; http.host; content:"23.94.36.134"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844128/; classtype:trojan-activity;sid:82707228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc9m68k"; depth:8; endswith; nocase; http.host; content:"23.94.36.134"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844129/; classtype:trojan-activity;sid:82707229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc9mips"; depth:8; endswith; nocase; http.host; content:"23.94.36.134"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844122/; classtype:trojan-activity;sid:82707222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc9i686"; depth:8; endswith; nocase; http.host; content:"23.94.36.134"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844123/; classtype:trojan-activity;sid:82707223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc9dss"; depth:7; endswith; nocase; http.host; content:"23.94.36.134"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844124/; classtype:trojan-activity;sid:82707224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc9arm6"; depth:8; endswith; nocase; http.host; content:"23.94.36.134"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844125/; classtype:trojan-activity;sid:82707225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.30.110.57"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844121/; classtype:trojan-activity;sid:82707221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.249.29"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844120/; classtype:trojan-activity;sid:82707220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.188.33"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844119/; classtype:trojan-activity;sid:82707219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uh11/"; depth:17; endswith; nocase; http.host; content:"thetrendskill.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844118/; classtype:trojan-activity;sid:82707218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.194.227.2"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844115/; classtype:trojan-activity;sid:82707215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.36.24"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844114/; classtype:trojan-activity;sid:82707214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.214.79"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844113/; classtype:trojan-activity;sid:82707213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.86.231.113"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844112/; classtype:trojan-activity;sid:82707212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.243.255.77"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844110/; classtype:trojan-activity;sid:82707210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.28.91"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844111/; classtype:trojan-activity;sid:82707211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.90.6"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844109/; classtype:trojan-activity;sid:82707209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.38.95.120"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844108/; classtype:trojan-activity;sid:82707208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.89.93.73"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844106/; classtype:trojan-activity;sid:82707206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.40.75.176"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844105/; classtype:trojan-activity;sid:82707205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"118.79.158.170"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844104/; classtype:trojan-activity;sid:82707204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.241.234"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844101/; classtype:trojan-activity;sid:82707201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.184.15"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844102/; classtype:trojan-activity;sid:82707202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"170.244.231.148"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844099/; classtype:trojan-activity;sid:82707199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.187.197.77"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844100/; classtype:trojan-activity;sid:82707200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"105.155.1.134"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844098/; classtype:trojan-activity;sid:82707198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.236.230.213"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844097/; classtype:trojan-activity;sid:82707197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.246.131.45"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844095/; classtype:trojan-activity;sid:82707195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.249.115.103"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844096/; classtype:trojan-activity;sid:82707196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.110.236.117"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844094/; classtype:trojan-activity;sid:82707194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.130.68.33"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844093/; classtype:trojan-activity;sid:82707193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.143.117"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844087/; classtype:trojan-activity;sid:82707187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.46.214"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844088/; classtype:trojan-activity;sid:82707188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"219.154.103.169"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844085/; classtype:trojan-activity;sid:82707185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.237.26"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844086/; classtype:trojan-activity;sid:82707186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.224.56.25"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844084/; classtype:trojan-activity;sid:82707184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.9.119"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844083/; classtype:trojan-activity;sid:82707183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.43.108.53"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844081/; classtype:trojan-activity;sid:82707181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.205.26"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844080/; classtype:trojan-activity;sid:82707180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.86.250.162"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844078/; classtype:trojan-activity;sid:82707178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"140.237.4.213"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844079/; classtype:trojan-activity;sid:82707179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.129.160"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844075/; classtype:trojan-activity;sid:82707175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.75.222.10"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844076/; classtype:trojan-activity;sid:82707176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.219.210.52"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844074/; classtype:trojan-activity;sid:82707174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.135.100.161"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844073/; classtype:trojan-activity;sid:82707173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.204.116"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844070/; classtype:trojan-activity;sid:82707170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.188.33"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844069/; classtype:trojan-activity;sid:82707169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view-ops/dmnj4muh3dmkoo9xhjo/"; depth:30; endswith; nocase; http.host; content:"corporate.giappichelli.it"; depth:25; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844066/; classtype:trojan-activity;sid:82707166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.198.129.129"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844065/; classtype:trojan-activity;sid:82707165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.140.26"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844064/; classtype:trojan-activity;sid:82707164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.93.20.49"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844061/; classtype:trojan-activity;sid:82707161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.189.241"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844062/; classtype:trojan-activity;sid:82707162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.6.18.225"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844060/; classtype:trojan-activity;sid:82707160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.93.105"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844056/; classtype:trojan-activity;sid:82707156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.70.4.66"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844055/; classtype:trojan-activity;sid:82707155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.40.87.148"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844054/; classtype:trojan-activity;sid:82707154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.90.76"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844053/; classtype:trojan-activity;sid:82707153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.40.180.217"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844052/; classtype:trojan-activity;sid:82707152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.118.3"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844050/; classtype:trojan-activity;sid:82707150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.69.9"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844051/; classtype:trojan-activity;sid:82707151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.26.153"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844049/; classtype:trojan-activity;sid:82707149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.228.228"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844048/; classtype:trojan-activity;sid:82707148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.125.238.155"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844047/; classtype:trojan-activity;sid:82707147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.247.198"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844044/; classtype:trojan-activity;sid:82707144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.204.212.187"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844046/; classtype:trojan-activity;sid:82707146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.132.60.229"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844042/; classtype:trojan-activity;sid:82707142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.245.237"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844043/; classtype:trojan-activity;sid:82707143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.50.220"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844040/; classtype:trojan-activity;sid:82707140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.97.138.112"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844041/; classtype:trojan-activity;sid:82707141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.193.124.169"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844039/; classtype:trojan-activity;sid:82707139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.232.143.188"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844037/; classtype:trojan-activity;sid:82707137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.70.207"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844036/; classtype:trojan-activity;sid:82707136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.242.13.221"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844034/; classtype:trojan-activity;sid:82707134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.87.227.78"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844035/; classtype:trojan-activity;sid:82707135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.174.75"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844033/; classtype:trojan-activity;sid:82707133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.204.116"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844032/; classtype:trojan-activity;sid:82707132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"153.36.170.236"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844031/; classtype:trojan-activity;sid:82707131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.116.247.160"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844030/; classtype:trojan-activity;sid:82707130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.200.215"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844028/; classtype:trojan-activity;sid:82707128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.223.159"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844027/; classtype:trojan-activity;sid:82707127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.203.156.204"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844024/; classtype:trojan-activity;sid:82707124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.140.246.120"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844025/; classtype:trojan-activity;sid:82707125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.27.154"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844026/; classtype:trojan-activity;sid:82707126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.245.187"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844023/; classtype:trojan-activity;sid:82707123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.87.234"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844022/; classtype:trojan-activity;sid:82707122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.135.100.161"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844021/; classtype:trojan-activity;sid:82707121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.95.87.19"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844020/; classtype:trojan-activity;sid:82707120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.94.24"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844019/; classtype:trojan-activity;sid:82707119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.87.50.191"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844018/; classtype:trojan-activity;sid:82707118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"122.188.147.29"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844016/; classtype:trojan-activity;sid:82707116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.136.88.147"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844017/; classtype:trojan-activity;sid:82707117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.183.107"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844014/; classtype:trojan-activity;sid:82707114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.40.75"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844013/; classtype:trojan-activity;sid:82707113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.190.56.64"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844012/; classtype:trojan-activity;sid:82707112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.118.197.7"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844011/; classtype:trojan-activity;sid:82707111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.81.225"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844009/; classtype:trojan-activity;sid:82707109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.189.11.55"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844010/; classtype:trojan-activity;sid:82707110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.87.164"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844008/; classtype:trojan-activity;sid:82707108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.59.246.115"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844007/; classtype:trojan-activity;sid:82707107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/wc5hvgxhfmdwee3/"; depth:26; endswith; nocase; http.host; content:"zbc.vn"; depth:6; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844006/; classtype:trojan-activity;sid:82707106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/content/rac3apqzt81/"; depth:21; endswith; nocase; http.host; content:"prabin.me"; depth:9; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844004/; classtype:trojan-activity;sid:82707104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/axzhsh/"; depth:19; endswith; nocase; http.host; content:"www.pasionportufuturo.pe"; depth:24; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844002/; classtype:trojan-activity;sid:82707102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/jgittyqrgicpzgayd/"; depth:30; endswith; nocase; http.host; content:"alittlebrave.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844003/; classtype:trojan-activity;sid:82707103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.35.162.73"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844001/; classtype:trojan-activity;sid:82707101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1844000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.53.75.46"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1844000/; classtype:trojan-activity;sid:82707100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.194.240.249"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843999/; classtype:trojan-activity;sid:82707099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.127.209"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843998/; classtype:trojan-activity;sid:82707098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.112.35.48"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843997/; classtype:trojan-activity;sid:82707097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"84.215.180.60"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843995/; classtype:trojan-activity;sid:82707095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.15.5"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843993/; classtype:trojan-activity;sid:82707093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.54.149"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843991/; classtype:trojan-activity;sid:82707091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.87.173"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843990/; classtype:trojan-activity;sid:82707090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.160.120.4"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843988/; classtype:trojan-activity;sid:82707088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.28.197"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843987/; classtype:trojan-activity;sid:82707087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.61.100.254"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843984/; classtype:trojan-activity;sid:82707084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.49.16"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843985/; classtype:trojan-activity;sid:82707085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.212.39.252"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843982/; classtype:trojan-activity;sid:82707082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.118.219.128"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843983/; classtype:trojan-activity;sid:82707083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.194.150.14"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843980/; classtype:trojan-activity;sid:82707080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.240.205"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843981/; classtype:trojan-activity;sid:82707081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.170.125.8"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843978/; classtype:trojan-activity;sid:82707078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.130.167"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843979/; classtype:trojan-activity;sid:82707079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.161.234.120"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843977/; classtype:trojan-activity;sid:82707077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.170.125.8"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843976/; classtype:trojan-activity;sid:82707076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.187.197.77"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843975/; classtype:trojan-activity;sid:82707075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.249.82.220"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843974/; classtype:trojan-activity;sid:82707074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.130.68.33"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843971/; classtype:trojan-activity;sid:82707071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.235.21"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843970/; classtype:trojan-activity;sid:82707070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.54.59.63"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843968/; classtype:trojan-activity;sid:82707068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.94.112"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843969/; classtype:trojan-activity;sid:82707069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"221.15.7.43"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843966/; classtype:trojan-activity;sid:82707066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"84.214.208.86"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843967/; classtype:trojan-activity;sid:82707067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.243.161.239"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843965/; classtype:trojan-activity;sid:82707065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.78.3"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843964/; classtype:trojan-activity;sid:82707064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.143.113"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843961/; classtype:trojan-activity;sid:82707061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.40.74.73"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843962/; classtype:trojan-activity;sid:82707062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.137.248.182"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843963/; classtype:trojan-activity;sid:82707063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.110.209.181"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843960/; classtype:trojan-activity;sid:82707060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.104.205.195"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843959/; classtype:trojan-activity;sid:82707059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.184.44"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843958/; classtype:trojan-activity;sid:82707058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.1.190"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843957/; classtype:trojan-activity;sid:82707057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.26.206"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843955/; classtype:trojan-activity;sid:82707055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.141.247"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843956/; classtype:trojan-activity;sid:82707056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.179.46"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843954/; classtype:trojan-activity;sid:82707054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.186.21.164"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843952/; classtype:trojan-activity;sid:82707052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.90.178.201"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843953/; classtype:trojan-activity;sid:82707053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.109.15"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843949/; classtype:trojan-activity;sid:82707049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.49.23"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843950/; classtype:trojan-activity;sid:82707050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.139.174"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843951/; classtype:trojan-activity;sid:82707051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.112.6"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843947/; classtype:trojan-activity;sid:82707047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.64.212"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843945/; classtype:trojan-activity;sid:82707045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.194.240.249"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843944/; classtype:trojan-activity;sid:82707044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.199.205"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843943/; classtype:trojan-activity;sid:82707043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.195.54"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843942/; classtype:trojan-activity;sid:82707042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.87.164"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843939/; classtype:trojan-activity;sid:82707039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.58.125"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843938/; classtype:trojan-activity;sid:82707038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.249.80.25"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843936/; classtype:trojan-activity;sid:82707036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.42.196.201"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843934/; classtype:trojan-activity;sid:82707034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.51.133"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843933/; classtype:trojan-activity;sid:82707033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"183.92.159.196"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843932/; classtype:trojan-activity;sid:82707032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.43.53.0"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843931/; classtype:trojan-activity;sid:82707031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.8.94.248"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843928/; classtype:trojan-activity;sid:82707028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.230.81.173"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843927/; classtype:trojan-activity;sid:82707027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.49.195"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843926/; classtype:trojan-activity;sid:82707026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.214.211"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843925/; classtype:trojan-activity;sid:82707025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.154.136"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843923/; classtype:trojan-activity;sid:82707023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.190.160.174"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843924/; classtype:trojan-activity;sid:82707024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.201.199.243"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843922/; classtype:trojan-activity;sid:82707022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.38.95.80"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843921/; classtype:trojan-activity;sid:82707021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.166.154"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843920/; classtype:trojan-activity;sid:82707020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.232.199.103"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843919/; classtype:trojan-activity;sid:82707019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.64.212"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843918/; classtype:trojan-activity;sid:82707018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.97.172.59"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843917/; classtype:trojan-activity;sid:82707017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.37.228"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843916/; classtype:trojan-activity;sid:82707016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.157.242"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843914/; classtype:trojan-activity;sid:82707014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.80.248"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843915/; classtype:trojan-activity;sid:82707015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.21.200"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843912/; classtype:trojan-activity;sid:82707012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.1.155"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843909/; classtype:trojan-activity;sid:82707009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.120.70"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843910/; classtype:trojan-activity;sid:82707010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.134.230"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843911/; classtype:trojan-activity;sid:82707011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.240.139.66"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843908/; classtype:trojan-activity;sid:82707008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.33.38"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843907/; classtype:trojan-activity;sid:82707007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.234.190.206"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843906/; classtype:trojan-activity;sid:82707006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.195.54"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843905/; classtype:trojan-activity;sid:82707005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.46.215"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843904/; classtype:trojan-activity;sid:82707004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.180.172.20"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843903/; classtype:trojan-activity;sid:82707003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.118.13.57"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843902/; classtype:trojan-activity;sid:82707002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.79.98.248"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843901/; classtype:trojan-activity;sid:82707001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.90.221"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843900/; classtype:trojan-activity;sid:82707000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.72.22.27"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843899/; classtype:trojan-activity;sid:82706999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.112.6"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843898/; classtype:trojan-activity;sid:82706998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.119.155"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843897/; classtype:trojan-activity;sid:82706997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.58.125"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843895/; classtype:trojan-activity;sid:82706995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.30.1.155"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843894/; classtype:trojan-activity;sid:82706994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"92.72.221.237"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843892/; classtype:trojan-activity;sid:82706992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"87.6.224.227"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843891/; classtype:trojan-activity;sid:82706991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.212.248.12"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843890/; classtype:trojan-activity;sid:82706990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.152.78"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843889/; classtype:trojan-activity;sid:82706989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.10.101.214"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843886/; classtype:trojan-activity;sid:82706986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.81.63"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843887/; classtype:trojan-activity;sid:82706987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.193.241"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843888/; classtype:trojan-activity;sid:82706988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.73.105"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843884/; classtype:trojan-activity;sid:82706984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.35.114"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843882/; classtype:trojan-activity;sid:82706982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.150.187"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843881/; classtype:trojan-activity;sid:82706981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.248.31"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843880/; classtype:trojan-activity;sid:82706980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.185.231"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843879/; classtype:trojan-activity;sid:82706979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.118.240.100"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843878/; classtype:trojan-activity;sid:82706978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.38.222.208"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843877/; classtype:trojan-activity;sid:82706977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.88.133.106"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843873/; classtype:trojan-activity;sid:82706973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.228.201.199"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843875/; classtype:trojan-activity;sid:82706975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.125.235.115"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843876/; classtype:trojan-activity;sid:82706976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.164.150"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843872/; classtype:trojan-activity;sid:82706972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.48.188.135"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843870/; classtype:trojan-activity;sid:82706970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.90.160.3"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843869/; classtype:trojan-activity;sid:82706969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.252.142.236"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843868/; classtype:trojan-activity;sid:82706968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.251.184"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843866/; classtype:trojan-activity;sid:82706966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.227.136.48"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843867/; classtype:trojan-activity;sid:82706967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.26.76"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843865/; classtype:trojan-activity;sid:82706965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.122.76"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843864/; classtype:trojan-activity;sid:82706964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.232.199.103"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843863/; classtype:trojan-activity;sid:82706963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.240.139.66"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843861/; classtype:trojan-activity;sid:82706961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.180.98"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843860/; classtype:trojan-activity;sid:82706960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.37.228"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843859/; classtype:trojan-activity;sid:82706959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.226.183.114"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843858/; classtype:trojan-activity;sid:82706958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.82.236"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843857/; classtype:trojan-activity;sid:82706957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.249.82.236"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843855/; classtype:trojan-activity;sid:82706955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.128.213.128"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843854/; classtype:trojan-activity;sid:82706954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.82.106"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843853/; classtype:trojan-activity;sid:82706953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.40.116.98"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843851/; classtype:trojan-activity;sid:82706951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.47.124.196"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843852/; classtype:trojan-activity;sid:82706952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.115.148"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843850/; classtype:trojan-activity;sid:82706950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.126.224"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843848/; classtype:trojan-activity;sid:82706948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"180.124.159.254"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843849/; classtype:trojan-activity;sid:82706949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.118.135.216"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843846/; classtype:trojan-activity;sid:82706946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.24.111.30"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843844/; classtype:trojan-activity;sid:82706944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.179.251"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843845/; classtype:trojan-activity;sid:82706945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"101.108.8.192"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843843/; classtype:trojan-activity;sid:82706943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.86.146.57"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843841/; classtype:trojan-activity;sid:82706941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.189.139.196"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843842/; classtype:trojan-activity;sid:82706942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.156.147"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843839/; classtype:trojan-activity;sid:82706939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.86.248.240"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843837/; classtype:trojan-activity;sid:82706937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.113.176"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843836/; classtype:trojan-activity;sid:82706936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.109.52"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843835/; classtype:trojan-activity;sid:82706935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.10.101.214"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843833/; classtype:trojan-activity;sid:82706933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.10.18.96"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843832/; classtype:trojan-activity;sid:82706932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.254.43"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843829/; classtype:trojan-activity;sid:82706929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.82.4"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843827/; classtype:trojan-activity;sid:82706927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.54.218.197"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843828/; classtype:trojan-activity;sid:82706928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.134.71"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843825/; classtype:trojan-activity;sid:82706925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.140.239"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843824/; classtype:trojan-activity;sid:82706924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.72.57.175"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843823/; classtype:trojan-activity;sid:82706923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.90.28"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843822/; classtype:trojan-activity;sid:82706922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.23.78.127"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843819/; classtype:trojan-activity;sid:82706919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.77.194"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843820/; classtype:trojan-activity;sid:82706920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.9.197.8"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843817/; classtype:trojan-activity;sid:82706917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.39.247"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843818/; classtype:trojan-activity;sid:82706918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.251.60.89"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843815/; classtype:trojan-activity;sid:82706915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.201.45.155"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843816/; classtype:trojan-activity;sid:82706916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.86.249.188"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843813/; classtype:trojan-activity;sid:82706913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.21.62"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843814/; classtype:trojan-activity;sid:82706914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.202.166.61"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843811/; classtype:trojan-activity;sid:82706911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.74.141.159"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843812/; classtype:trojan-activity;sid:82706912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.193.127.61"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843810/; classtype:trojan-activity;sid:82706910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.123.224.2"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843809/; classtype:trojan-activity;sid:82706909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.236.28.73"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843808/; classtype:trojan-activity;sid:82706908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.249.80.182"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843807/; classtype:trojan-activity;sid:82706907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.179.210.200"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843806/; classtype:trojan-activity;sid:82706906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kler.exe"; depth:9; endswith; nocase; http.host; content:"antivirf.ru"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843804/; classtype:trojan-activity;sid:82706904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.81.34.139"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843803/; classtype:trojan-activity;sid:82706903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.25.135.28"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843802/; classtype:trojan-activity;sid:82706902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.227.52.157"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843800/; classtype:trojan-activity;sid:82706900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"45.6.27.125"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843801/; classtype:trojan-activity;sid:82706901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.34.182.206"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843798/; classtype:trojan-activity;sid:82706898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.116.40.186"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843797/; classtype:trojan-activity;sid:82706897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.66.185"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843796/; classtype:trojan-activity;sid:82706896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.89.93.87"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843795/; classtype:trojan-activity;sid:82706895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.69.72"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843794/; classtype:trojan-activity;sid:82706894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.118.230"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843793/; classtype:trojan-activity;sid:82706893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.143.57"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843791/; classtype:trojan-activity;sid:82706891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.175.97"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843790/; classtype:trojan-activity;sid:82706890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.101.131"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843787/; classtype:trojan-activity;sid:82706887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.123.79.102"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843788/; classtype:trojan-activity;sid:82706888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.51.20"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843785/; classtype:trojan-activity;sid:82706885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.122.77"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843783/; classtype:trojan-activity;sid:82706883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.76.208.219"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843780/; classtype:trojan-activity;sid:82706880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.113.176"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843778/; classtype:trojan-activity;sid:82706878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.163.159.86"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843776/; classtype:trojan-activity;sid:82706876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.9.186"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843774/; classtype:trojan-activity;sid:82706874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.72.57.175"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843773/; classtype:trojan-activity;sid:82706873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.204.156"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843771/; classtype:trojan-activity;sid:82706871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.70.3.159"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843769/; classtype:trojan-activity;sid:82706869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.71.220"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843767/; classtype:trojan-activity;sid:82706867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.9.220.171"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843768/; classtype:trojan-activity;sid:82706868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"49.89.223.57"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843766/; classtype:trojan-activity;sid:82706866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.29.124"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843765/; classtype:trojan-activity;sid:82706865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"216.66.185.50"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843764/; classtype:trojan-activity;sid:82706864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.237.247.198"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843763/; classtype:trojan-activity;sid:82706863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.51.0"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843762/; classtype:trojan-activity;sid:82706862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.161.91"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843761/; classtype:trojan-activity;sid:82706861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.190.184.230"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843760/; classtype:trojan-activity;sid:82706860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.31.247.104"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843757/; classtype:trojan-activity;sid:82706857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.233.26"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843758/; classtype:trojan-activity;sid:82706858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.180.151.200"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843756/; classtype:trojan-activity;sid:82706856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.120.171"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843755/; classtype:trojan-activity;sid:82706855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.229.104"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843754/; classtype:trojan-activity;sid:82706854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.173.18"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843752/; classtype:trojan-activity;sid:82706852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.93.90"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843753/; classtype:trojan-activity;sid:82706853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.10.188"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843751/; classtype:trojan-activity;sid:82706851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.179.168.156"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843750/; classtype:trojan-activity;sid:82706850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.227.255"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843748/; classtype:trojan-activity;sid:82706848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"31.170.174.85"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843749/; classtype:trojan-activity;sid:82706849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.42.249"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843746/; classtype:trojan-activity;sid:82706846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.190.3"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843747/; classtype:trojan-activity;sid:82706847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.72.25"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843745/; classtype:trojan-activity;sid:82706845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tao/xsmrdufi/"; depth:14; endswith; nocase; http.host; content:"www.kitsadagoodcar.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843744/; classtype:trojan-activity;sid:82706844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.120.101"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843743/; classtype:trojan-activity;sid:82706843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.164.114"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843742/; classtype:trojan-activity;sid:82706842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.66.185.50"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843741/; classtype:trojan-activity;sid:82706841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"64.66.192.182"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843738/; classtype:trojan-activity;sid:82706838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.222.76.214"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843736/; classtype:trojan-activity;sid:82706836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.87.123.234"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843737/; classtype:trojan-activity;sid:82706837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"221.160.177.201"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843735/; classtype:trojan-activity;sid:82706835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.85.175.152"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843734/; classtype:trojan-activity;sid:82706834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.67.104"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843732/; classtype:trojan-activity;sid:82706832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.34.178.93"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843728/; classtype:trojan-activity;sid:82706828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.162.221"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843729/; classtype:trojan-activity;sid:82706829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.38.218.196"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843730/; classtype:trojan-activity;sid:82706830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"47.227.114.16"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843727/; classtype:trojan-activity;sid:82706827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.161.190.127"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843726/; classtype:trojan-activity;sid:82706826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.80.58"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843723/; classtype:trojan-activity;sid:82706823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.113.176"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843724/; classtype:trojan-activity;sid:82706824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.40.104.119"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843725/; classtype:trojan-activity;sid:82706825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.50.224.251"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843721/; classtype:trojan-activity;sid:82706821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.169.43"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843722/; classtype:trojan-activity;sid:82706822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.139.205"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843720/; classtype:trojan-activity;sid:82706820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0/hpj50cdqi86fo/"; depth:17; endswith; nocase; http.host; content:"dulichsinhcafe.com.vn"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843717/; classtype:trojan-activity;sid:82706817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blog/7l7vndzakhos307sk/"; depth:24; endswith; nocase; http.host; content:"www.tradeinsights.net"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843716/; classtype:trojan-activity;sid:82706816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.203.236"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843715/; classtype:trojan-activity;sid:82706815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.247.128"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843714/; classtype:trojan-activity;sid:82706814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.71.220"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843713/; classtype:trojan-activity;sid:82706813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.198.127.94"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843712/; classtype:trojan-activity;sid:82706812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.247.37"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843708/; classtype:trojan-activity;sid:82706808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.222.226"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843709/; classtype:trojan-activity;sid:82706809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.119.254.17"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843706/; classtype:trojan-activity;sid:82706806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.139.195.173"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843705/; classtype:trojan-activity;sid:82706805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/mu-plugins-old/loo60rb/"; depth:35; endswith; nocase; http.host; content:"www.kretaro.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843704/; classtype:trojan-activity;sid:82706804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"14.233.175.152"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843703/; classtype:trojan-activity;sid:82706803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.57.208.187"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843700/; classtype:trojan-activity;sid:82706800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.204.215.224"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843701/; classtype:trojan-activity;sid:82706801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.95.250"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843702/; classtype:trojan-activity;sid:82706802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"150.255.94.209"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843699/; classtype:trojan-activity;sid:82706799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.218.238.210"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843697/; classtype:trojan-activity;sid:82706797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.99.243"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843695/; classtype:trojan-activity;sid:82706795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.140.56"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843692/; classtype:trojan-activity;sid:82706792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.66.30"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843693/; classtype:trojan-activity;sid:82706793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.77.119"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843694/; classtype:trojan-activity;sid:82706794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.200.45"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843691/; classtype:trojan-activity;sid:82706791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"183.97.5.155"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843690/; classtype:trojan-activity;sid:82706790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.72.25"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843689/; classtype:trojan-activity;sid:82706789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/sfxcd5gk/"; depth:14; endswith; nocase; http.host; content:"cosechamarket.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843687/; classtype:trojan-activity;sid:82706787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.151.244"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843686/; classtype:trojan-activity;sid:82706786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ytgc/bxwvbdpxu7hl/"; depth:19; endswith; nocase; http.host; content:"test.zapara.shop"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843683/; classtype:trojan-activity;sid:82706783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.30.110.27"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843681/; classtype:trojan-activity;sid:82706781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.249.79.26"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843679/; classtype:trojan-activity;sid:82706779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.192.204"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843680/; classtype:trojan-activity;sid:82706780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.216.235"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843678/; classtype:trojan-activity;sid:82706778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.107.210"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843676/; classtype:trojan-activity;sid:82706776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.98.130"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843677/; classtype:trojan-activity;sid:82706777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.81.254"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843671/; classtype:trojan-activity;sid:82706771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.16.100.118"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843672/; classtype:trojan-activity;sid:82706772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.82.67"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843673/; classtype:trojan-activity;sid:82706773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.40.82.247"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843675/; classtype:trojan-activity;sid:82706775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.30.132"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843670/; classtype:trojan-activity;sid:82706770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.161.191.100"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843669/; classtype:trojan-activity;sid:82706769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.174.89"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843668/; classtype:trojan-activity;sid:82706768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.11.4.44"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843667/; classtype:trojan-activity;sid:82706767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.194.240.249"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843664/; classtype:trojan-activity;sid:82706764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.125.232.189"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843665/; classtype:trojan-activity;sid:82706765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"102.132.46.147"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843662/; classtype:trojan-activity;sid:82706762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.56.121.34"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843663/; classtype:trojan-activity;sid:82706763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.116.6.5"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843661/; classtype:trojan-activity;sid:82706761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.182.72.99"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843660/; classtype:trojan-activity;sid:82706760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/7hj1fwnusilpvbo/"; depth:25; endswith; nocase; http.host; content:"vnamazon.vn"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843658/; classtype:trojan-activity;sid:82706758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.247.128"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843656/; classtype:trojan-activity;sid:82706756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.203.236"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843655/; classtype:trojan-activity;sid:82706755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.89.156"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843651/; classtype:trojan-activity;sid:82706751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.50.221.134"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843652/; classtype:trojan-activity;sid:82706752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.176.233.166"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843648/; classtype:trojan-activity;sid:82706748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.34.31"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843649/; classtype:trojan-activity;sid:82706749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.140.144"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843650/; classtype:trojan-activity;sid:82706750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.91.25"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843647/; classtype:trojan-activity;sid:82706747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.199.255.34"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843646/; classtype:trojan-activity;sid:82706746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.163.14.55"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843642/; classtype:trojan-activity;sid:82706742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.118.183.81"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843641/; classtype:trojan-activity;sid:82706741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.28.32.92"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843640/; classtype:trojan-activity;sid:82706740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.80.52"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843638/; classtype:trojan-activity;sid:82706738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.86.237"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843639/; classtype:trojan-activity;sid:82706739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.18.7"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843637/; classtype:trojan-activity;sid:82706737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.87.249.69"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843636/; classtype:trojan-activity;sid:82706736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.118.17.93"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843635/; classtype:trojan-activity;sid:82706735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.28.39"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843634/; classtype:trojan-activity;sid:82706734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"47.227.114.16"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843632/; classtype:trojan-activity;sid:82706732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.30.110.37"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843631/; classtype:trojan-activity;sid:82706731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.24.235.236"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843628/; classtype:trojan-activity;sid:82706728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.252.110.235"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843627/; classtype:trojan-activity;sid:82706727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.138.52"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843624/; classtype:trojan-activity;sid:82706724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.99.73"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843620/; classtype:trojan-activity;sid:82706720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.38.95.80"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843621/; classtype:trojan-activity;sid:82706721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.71.216.70"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843622/; classtype:trojan-activity;sid:82706722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.151.229"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843619/; classtype:trojan-activity;sid:82706719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.193.172.87"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843617/; classtype:trojan-activity;sid:82706717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.42.125.138"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843616/; classtype:trojan-activity;sid:82706716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.231.16"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843615/; classtype:trojan-activity;sid:82706715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.204.218.194"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843614/; classtype:trojan-activity;sid:82706714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.169.7"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843612/; classtype:trojan-activity;sid:82706712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.243.31.67"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843611/; classtype:trojan-activity;sid:82706711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.125.214.79"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843610/; classtype:trojan-activity;sid:82706710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.128.169.86"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843609/; classtype:trojan-activity;sid:82706709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.59.21.164"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843608/; classtype:trojan-activity;sid:82706708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.151.15"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843607/; classtype:trojan-activity;sid:82706707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.31.149"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843605/; classtype:trojan-activity;sid:82706705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"45.23.22.186"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843604/; classtype:trojan-activity;sid:82706704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"49.70.4.182"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843603/; classtype:trojan-activity;sid:82706703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.36.142.109"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843601/; classtype:trojan-activity;sid:82706701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.44.42"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843602/; classtype:trojan-activity;sid:82706702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.107.4"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843599/; classtype:trojan-activity;sid:82706699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"219.154.107.224"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843600/; classtype:trojan-activity;sid:82706700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.144.39"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843598/; classtype:trojan-activity;sid:82706698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/css/dotms_4/ydffmtjjrnqrpo.dotm"; depth:39; endswith; nocase; http.host; content:"my.dexserver.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843597/; classtype:trojan-activity;sid:82706697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"186.33.92.163"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843595/; classtype:trojan-activity;sid:82706695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.242.3"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843593/; classtype:trojan-activity;sid:82706693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.91.22.89"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843594/; classtype:trojan-activity;sid:82706694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.130.39.61"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843590/; classtype:trojan-activity;sid:82706690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.14.26.143"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843591/; classtype:trojan-activity;sid:82706691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.57.153"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843589/; classtype:trojan-activity;sid:82706689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.19.98"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843587/; classtype:trojan-activity;sid:82706687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.204.209.162"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843585/; classtype:trojan-activity;sid:82706685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.237.65"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843584/; classtype:trojan-activity;sid:82706684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.77.70.0"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843581/; classtype:trojan-activity;sid:82706681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.252.110.235"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843580/; classtype:trojan-activity;sid:82706680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"197.86.215.224"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843579/; classtype:trojan-activity;sid:82706679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.125.214.79"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843578/; classtype:trojan-activity;sid:82706678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.75.176.249"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843576/; classtype:trojan-activity;sid:82706676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.190.138"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843572/; classtype:trojan-activity;sid:82706672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.223.171"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843571/; classtype:trojan-activity;sid:82706671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.243.127.182"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843570/; classtype:trojan-activity;sid:82706670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.93.124"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843569/; classtype:trojan-activity;sid:82706669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.97.11"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843567/; classtype:trojan-activity;sid:82706667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.118.145"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843568/; classtype:trojan-activity;sid:82706668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.102.59.81"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843566/; classtype:trojan-activity;sid:82706666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.26.253.229"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843564/; classtype:trojan-activity;sid:82706664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.46.220.5"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843563/; classtype:trojan-activity;sid:82706663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.132.98.38"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843562/; classtype:trojan-activity;sid:82706662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.50.170.56"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843561/; classtype:trojan-activity;sid:82706661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.165.97"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843560/; classtype:trojan-activity;sid:82706660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.225.161"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843557/; classtype:trojan-activity;sid:82706657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.253.3.84"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843558/; classtype:trojan-activity;sid:82706658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.128.138"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843559/; classtype:trojan-activity;sid:82706659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.164.220"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843556/; classtype:trojan-activity;sid:82706656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.234.150"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843554/; classtype:trojan-activity;sid:82706654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.189.2.191"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843553/; classtype:trojan-activity;sid:82706653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.63.178.21"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843552/; classtype:trojan-activity;sid:82706652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.86.36"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843550/; classtype:trojan-activity;sid:82706650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.30.1.133"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843549/; classtype:trojan-activity;sid:82706649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.158.183"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843545/; classtype:trojan-activity;sid:82706645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.157.212.29"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843544/; classtype:trojan-activity;sid:82706644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.152.46"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843543/; classtype:trojan-activity;sid:82706643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.44.237"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843541/; classtype:trojan-activity;sid:82706641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.201.234"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843542/; classtype:trojan-activity;sid:82706642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.130.39.61"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843539/; classtype:trojan-activity;sid:82706639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.194.187.24"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843537/; classtype:trojan-activity;sid:82706637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.3.71.211"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843536/; classtype:trojan-activity;sid:82706636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.91.246"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843533/; classtype:trojan-activity;sid:82706633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/fnuabvmzpb.dotm"; depth:26; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843535/; classtype:trojan-activity;sid:82706635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.126.117.93"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843532/; classtype:trojan-activity;sid:82706632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.35.175.43"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843531/; classtype:trojan-activity;sid:82706631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.83.81.98"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843528/; classtype:trojan-activity;sid:82706628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.164.211"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843529/; classtype:trojan-activity;sid:82706629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.87.32.116"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843530/; classtype:trojan-activity;sid:82706630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.102.92.152"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843527/; classtype:trojan-activity;sid:82706627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.79.148.177"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843526/; classtype:trojan-activity;sid:82706626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.4.9.222"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843525/; classtype:trojan-activity;sid:82706625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.53.207"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843524/; classtype:trojan-activity;sid:82706624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.202.21"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843523/; classtype:trojan-activity;sid:82706623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.167.129"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843522/; classtype:trojan-activity;sid:82706622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.163.172"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843521/; classtype:trojan-activity;sid:82706621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.155.76"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843520/; classtype:trojan-activity;sid:82706620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.132.157.62"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843516/; classtype:trojan-activity;sid:82706616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.0.214"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843517/; classtype:trojan-activity;sid:82706617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.113.242"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843515/; classtype:trojan-activity;sid:82706615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.248.128"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843512/; classtype:trojan-activity;sid:82706612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.234.150"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843510/; classtype:trojan-activity;sid:82706610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.135.110"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843509/; classtype:trojan-activity;sid:82706609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.220.41"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843507/; classtype:trojan-activity;sid:82706607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"79.137.250.41"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843508/; classtype:trojan-activity;sid:82706608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.232.230.13"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843506/; classtype:trojan-activity;sid:82706606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.11.161"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843504/; classtype:trojan-activity;sid:82706604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.119.20"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843503/; classtype:trojan-activity;sid:82706603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.11.2.4"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843502/; classtype:trojan-activity;sid:82706602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.45.14.48"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843501/; classtype:trojan-activity;sid:82706601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"206.125.151.236"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843500/; classtype:trojan-activity;sid:82706600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.204.59"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843499/; classtype:trojan-activity;sid:82706599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.66.69"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843497/; classtype:trojan-activity;sid:82706597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.86.237"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843496/; classtype:trojan-activity;sid:82706596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.85.172.39"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843495/; classtype:trojan-activity;sid:82706595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.175.127"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843493/; classtype:trojan-activity;sid:82706593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.17.243"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843486/; classtype:trojan-activity;sid:82706586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.153.48"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843485/; classtype:trojan-activity;sid:82706585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.230.216.247"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843483/; classtype:trojan-activity;sid:82706583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.78.19"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843484/; classtype:trojan-activity;sid:82706584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.89.219"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843481/; classtype:trojan-activity;sid:82706581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.44.100.97"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843480/; classtype:trojan-activity;sid:82706580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.43.108.234"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843478/; classtype:trojan-activity;sid:82706578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.188.35"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843476/; classtype:trojan-activity;sid:82706576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.167.154"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843474/; classtype:trojan-activity;sid:82706574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.28.134"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843472/; classtype:trojan-activity;sid:82706572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.209.67"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843473/; classtype:trojan-activity;sid:82706573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.75.103"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843470/; classtype:trojan-activity;sid:82706570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.165.146.147"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843471/; classtype:trojan-activity;sid:82706571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.204.223.228"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843468/; classtype:trojan-activity;sid:82706568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.73.191"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843469/; classtype:trojan-activity;sid:82706569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.85.184.14"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843467/; classtype:trojan-activity;sid:82706567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.50.23"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843464/; classtype:trojan-activity;sid:82706564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.23.148"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843466/; classtype:trojan-activity;sid:82706566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.180.173.53"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843461/; classtype:trojan-activity;sid:82706561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.110.41.83"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843463/; classtype:trojan-activity;sid:82706563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.248.128"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843457/; classtype:trojan-activity;sid:82706557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.227.215.145"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843454/; classtype:trojan-activity;sid:82706554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.54.167.87"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843451/; classtype:trojan-activity;sid:82706551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.253.154.124"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843452/; classtype:trojan-activity;sid:82706552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.89.93.117"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843450/; classtype:trojan-activity;sid:82706550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.87.57"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843447/; classtype:trojan-activity;sid:82706547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.80.64.193"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843446/; classtype:trojan-activity;sid:82706546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.96.55"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843445/; classtype:trojan-activity;sid:82706545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.38.95.29"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843444/; classtype:trojan-activity;sid:82706544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.134.105"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843443/; classtype:trojan-activity;sid:82706543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.109.4"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843441/; classtype:trojan-activity;sid:82706541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.116.138"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843440/; classtype:trojan-activity;sid:82706540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.204.218.93"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843439/; classtype:trojan-activity;sid:82706539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.88.124.130"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843437/; classtype:trojan-activity;sid:82706537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.166.80"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843434/; classtype:trojan-activity;sid:82706534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.81.148"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843433/; classtype:trojan-activity;sid:82706533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.190.163.130"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843432/; classtype:trojan-activity;sid:82706532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7899_1638359185_7006.exe"; depth:31; endswith; nocase; http.host; content:"host-file-host-3.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843431/; classtype:trojan-activity;sid:82706531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.13.33.240"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843429/; classtype:trojan-activity;sid:82706529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.78.19"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843428/; classtype:trojan-activity;sid:82706528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.238.113"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843427/; classtype:trojan-activity;sid:82706527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.75.103"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843426/; classtype:trojan-activity;sid:82706526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.212.10"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843424/; classtype:trojan-activity;sid:82706524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.131.43.136"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843423/; classtype:trojan-activity;sid:82706523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.188.86"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843421/; classtype:trojan-activity;sid:82706521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.72.3"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843419/; classtype:trojan-activity;sid:82706519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.26.245"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843417/; classtype:trojan-activity;sid:82706517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.99.74"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843415/; classtype:trojan-activity;sid:82706515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.10.49.226"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843413/; classtype:trojan-activity;sid:82706513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.234.202.44"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843411/; classtype:trojan-activity;sid:82706511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.164.167.203"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843412/; classtype:trojan-activity;sid:82706512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.155.227"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843410/; classtype:trojan-activity;sid:82706510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.11.74"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843406/; classtype:trojan-activity;sid:82706506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.72.28.143"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843403/; classtype:trojan-activity;sid:82706503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.123.99"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843400/; classtype:trojan-activity;sid:82706500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.17.204"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843399/; classtype:trojan-activity;sid:82706499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.215.150"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843396/; classtype:trojan-activity;sid:82706496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.108.34"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843395/; classtype:trojan-activity;sid:82706495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.10.106"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843393/; classtype:trojan-activity;sid:82706493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.184.197"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843391/; classtype:trojan-activity;sid:82706491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.250.251.2"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843392/; classtype:trojan-activity;sid:82706492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.47.93"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843390/; classtype:trojan-activity;sid:82706490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.119.168.113"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843388/; classtype:trojan-activity;sid:82706488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"94.233.201.206"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843386/; classtype:trojan-activity;sid:82706486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.224.66.237"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843385/; classtype:trojan-activity;sid:82706485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.228.34.35"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843384/; classtype:trojan-activity;sid:82706484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.118.244.209"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843382/; classtype:trojan-activity;sid:82706482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.230.138.54"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843381/; classtype:trojan-activity;sid:82706481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.248.144.95"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843380/; classtype:trojan-activity;sid:82706480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/plugins/azghtwlymtbatbc0/"; depth:29; endswith; nocase; http.host; content:"www.prizebond.net.pk"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843379/; classtype:trojan-activity;sid:82706479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"82.56.58.154"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843376/; classtype:trojan-activity;sid:82706476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.182.104"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843375/; classtype:trojan-activity;sid:82706475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.253.6.50"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843374/; classtype:trojan-activity;sid:82706474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.40.109"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843371/; classtype:trojan-activity;sid:82706471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.35.92"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843370/; classtype:trojan-activity;sid:82706470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.67.28.159"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843369/; classtype:trojan-activity;sid:82706469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.231.25"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843367/; classtype:trojan-activity;sid:82706467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.88.180"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843368/; classtype:trojan-activity;sid:82706468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.94.229"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843365/; classtype:trojan-activity;sid:82706465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.8.93"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843364/; classtype:trojan-activity;sid:82706464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.86.235.184"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843360/; classtype:trojan-activity;sid:82706460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.238.187.71"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843361/; classtype:trojan-activity;sid:82706461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.25.134.37"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843359/; classtype:trojan-activity;sid:82706459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.207.236.133"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843358/; classtype:trojan-activity;sid:82706458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.199.61"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843356/; classtype:trojan-activity;sid:82706456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.50.81.148"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843355/; classtype:trojan-activity;sid:82706455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.186.116"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843352/; classtype:trojan-activity;sid:82706452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.241.195.208"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843349/; classtype:trojan-activity;sid:82706449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"84.215.180.128"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843346/; classtype:trojan-activity;sid:82706446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.249.90.29"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843345/; classtype:trojan-activity;sid:82706445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.239.239"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843344/; classtype:trojan-activity;sid:82706444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.100.49"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843342/; classtype:trojan-activity;sid:82706442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.47.92"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843341/; classtype:trojan-activity;sid:82706441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.167.148.180"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843340/; classtype:trojan-activity;sid:82706440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.46.139"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843339/; classtype:trojan-activity;sid:82706439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.82.154"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843336/; classtype:trojan-activity;sid:82706436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.5.39.25"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843337/; classtype:trojan-activity;sid:82706437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.6.65.69"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843333/; classtype:trojan-activity;sid:82706433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.84.107.31"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843331/; classtype:trojan-activity;sid:82706431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.25.135.250"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843325/; classtype:trojan-activity;sid:82706425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.11.21.28"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843324/; classtype:trojan-activity;sid:82706424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.49.249"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843321/; classtype:trojan-activity;sid:82706421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.52.76.182"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843318/; classtype:trojan-activity;sid:82706418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.248.140.144"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843317/; classtype:trojan-activity;sid:82706417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.40.103.50"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843315/; classtype:trojan-activity;sid:82706415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.136.180"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843311/; classtype:trojan-activity;sid:82706411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.114.80"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843312/; classtype:trojan-activity;sid:82706412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.89.93.139"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843310/; classtype:trojan-activity;sid:82706410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.195.252.248"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843309/; classtype:trojan-activity;sid:82706409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.161.18"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843307/; classtype:trojan-activity;sid:82706407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.140.199"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843308/; classtype:trojan-activity;sid:82706408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.111.145"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843304/; classtype:trojan-activity;sid:82706404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.40.34"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843302/; classtype:trojan-activity;sid:82706402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"216.66.185.50"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843299/; classtype:trojan-activity;sid:82706399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.120.53"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843298/; classtype:trojan-activity;sid:82706398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.30.110.41"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843297/; classtype:trojan-activity;sid:82706397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"67.35.58.253"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843295/; classtype:trojan-activity;sid:82706395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.82.75.125"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843294/; classtype:trojan-activity;sid:82706394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.163.218.220"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843293/; classtype:trojan-activity;sid:82706393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.223.120"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843292/; classtype:trojan-activity;sid:82706392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.194.35"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843291/; classtype:trojan-activity;sid:82706391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.230.93.153"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843290/; classtype:trojan-activity;sid:82706390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"177.91.21.15"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843286/; classtype:trojan-activity;sid:82706386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.187.49"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843284/; classtype:trojan-activity;sid:82706384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.164.220"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843283/; classtype:trojan-activity;sid:82706383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.97.155"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843281/; classtype:trojan-activity;sid:82706381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"101.109.238.228"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843280/; classtype:trojan-activity;sid:82706380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.226.253.207"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843279/; classtype:trojan-activity;sid:82706379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.185.214"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843275/; classtype:trojan-activity;sid:82706375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.241.195.208"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843274/; classtype:trojan-activity;sid:82706374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"187.170.50.78"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843273/; classtype:trojan-activity;sid:82706373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5441_1638381159_8043.exe"; depth:31; endswith; nocase; http.host; content:"host-file-host-3.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843272/; classtype:trojan-activity;sid:82706372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/1.mp3/1165whoreniggagay.bin"; depth:30; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843271/; classtype:trojan-activity;sid:82706371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.244.110"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843270/; classtype:trojan-activity;sid:82706370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.90.53"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843267/; classtype:trojan-activity;sid:82706367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.86.169.26"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843266/; classtype:trojan-activity;sid:82706366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/usa/done300us.exe"; depth:18; endswith; nocase; http.host; content:"212.193.30.29"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843265/; classtype:trojan-activity;sid:82706365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.86.5.42"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843262/; classtype:trojan-activity;sid:82706362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.22.83"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843259/; classtype:trojan-activity;sid:82706359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.92.6"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843257/; classtype:trojan-activity;sid:82706357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.135.39"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843258/; classtype:trojan-activity;sid:82706358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.34.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843255/; classtype:trojan-activity;sid:82706355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.39.60"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843254/; classtype:trojan-activity;sid:82706354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.42.123.244"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843252/; classtype:trojan-activity;sid:82706352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.125.10"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843250/; classtype:trojan-activity;sid:82706350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.209.244.153"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843249/; classtype:trojan-activity;sid:82706349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.25.95.61"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843248/; classtype:trojan-activity;sid:82706348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.160.4"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843247/; classtype:trojan-activity;sid:82706347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.62.153.249"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843246/; classtype:trojan-activity;sid:82706346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.26.245"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843245/; classtype:trojan-activity;sid:82706345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.229.18"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843243/; classtype:trojan-activity;sid:82706343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.71.170.34"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843244/; classtype:trojan-activity;sid:82706344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.188.81.229"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843242/; classtype:trojan-activity;sid:82706342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.189.136"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843241/; classtype:trojan-activity;sid:82706341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.103.115"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843240/; classtype:trojan-activity;sid:82706340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.3.159.226"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843238/; classtype:trojan-activity;sid:82706338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.133.143.53"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843235/; classtype:trojan-activity;sid:82706335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.1.226.54"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843234/; classtype:trojan-activity;sid:82706334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.35.175.2"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843229/; classtype:trojan-activity;sid:82706329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.33.41"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843228/; classtype:trojan-activity;sid:82706328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.65.129"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843226/; classtype:trojan-activity;sid:82706326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.204.223.74"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843225/; classtype:trojan-activity;sid:82706325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.4.86.36"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843224/; classtype:trojan-activity;sid:82706324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.97.255"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843223/; classtype:trojan-activity;sid:82706323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.90.177.129"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843219/; classtype:trojan-activity;sid:82706319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.160.177.242"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843217/; classtype:trojan-activity;sid:82706317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.208.99"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_02; reference:url, urlhaus.abuse.ch/url/1843216/; classtype:trojan-activity;sid:82706316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.126.235.143"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843215/; classtype:trojan-activity;sid:82706315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.238.2"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843214/; classtype:trojan-activity;sid:82706314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.87.32.63"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843213/; classtype:trojan-activity;sid:82706313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.236.25.221"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843212/; classtype:trojan-activity;sid:82706312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.247.102.65"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843211/; classtype:trojan-activity;sid:82706311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.63.35"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843210/; classtype:trojan-activity;sid:82706310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/wwh/"; depth:14; endswith; nocase; http.host; content:"modamooo.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843209/; classtype:trojan-activity;sid:82706309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"170.78.39.23"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843208/; classtype:trojan-activity;sid:82706308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"41.86.5.42"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843207/; classtype:trojan-activity;sid:82706307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.23.22.186"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843206/; classtype:trojan-activity;sid:82706306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.120.92"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843205/; classtype:trojan-activity;sid:82706305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.188.244.16"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843204/; classtype:trojan-activity;sid:82706304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.16.233"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843202/; classtype:trojan-activity;sid:82706302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.71.77"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843203/; classtype:trojan-activity;sid:82706303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.150.93"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843201/; classtype:trojan-activity;sid:82706301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.136.27.119"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843200/; classtype:trojan-activity;sid:82706300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"89.20.224.71"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843198/; classtype:trojan-activity;sid:82706298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.19.156"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843199/; classtype:trojan-activity;sid:82706299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.94.36"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843197/; classtype:trojan-activity;sid:82706297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bdpz/m1fdhqdfd5zz3zdgxf/"; depth:25; endswith; nocase; http.host; content:"axlesys.in"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843196/; classtype:trojan-activity;sid:82706296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.104.54.193"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843195/; classtype:trojan-activity;sid:82706295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.93.95"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843194/; classtype:trojan-activity;sid:82706294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.48.45"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843193/; classtype:trojan-activity;sid:82706293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.43.21"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843191/; classtype:trojan-activity;sid:82706291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"122.142.234.126"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843192/; classtype:trojan-activity;sid:82706292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.167.82"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843190/; classtype:trojan-activity;sid:82706290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"170.78.70.217"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843189/; classtype:trojan-activity;sid:82706289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.37.209"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843188/; classtype:trojan-activity;sid:82706288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.251.18"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843187/; classtype:trojan-activity;sid:82706287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.226.44.170"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843186/; classtype:trojan-activity;sid:82706286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/zntbaqvwn/"; depth:19; endswith; nocase; http.host; content:"www.lsmoc.org"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843185/; classtype:trojan-activity;sid:82706285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.99.204.155"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843184/; classtype:trojan-activity;sid:82706284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.189.136"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843183/; classtype:trojan-activity;sid:82706283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.236.6"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843182/; classtype:trojan-activity;sid:82706282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.118.195.250"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843181/; classtype:trojan-activity;sid:82706281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.234.148.199"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843180/; classtype:trojan-activity;sid:82706280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.1.242.176"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843179/; classtype:trojan-activity;sid:82706279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.3.159.226"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843178/; classtype:trojan-activity;sid:82706278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"176.91.180.146"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843177/; classtype:trojan-activity;sid:82706277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.40.75.56"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843174/; classtype:trojan-activity;sid:82706274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.194.90"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843175/; classtype:trojan-activity;sid:82706275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.174.110.172"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843176/; classtype:trojan-activity;sid:82706276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.35.115"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843173/; classtype:trojan-activity;sid:82706273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.99.63.176"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843172/; classtype:trojan-activity;sid:82706272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.37.54"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843170/; classtype:trojan-activity;sid:82706270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.234.190.116"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843171/; classtype:trojan-activity;sid:82706271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.116.88.246"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843165/; classtype:trojan-activity;sid:82706265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.5.205"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843166/; classtype:trojan-activity;sid:82706266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.193.64.50"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843167/; classtype:trojan-activity;sid:82706267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.76.182"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843168/; classtype:trojan-activity;sid:82706268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.55.30"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843169/; classtype:trojan-activity;sid:82706269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.135.219.232"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843161/; classtype:trojan-activity;sid:82706261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.148.135"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843162/; classtype:trojan-activity;sid:82706262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.250.77"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843163/; classtype:trojan-activity;sid:82706263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.253.5.77"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843164/; classtype:trojan-activity;sid:82706264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.160.177.242"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843157/; classtype:trojan-activity;sid:82706257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.238.2"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843158/; classtype:trojan-activity;sid:82706258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.73.67.68"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843159/; classtype:trojan-activity;sid:82706259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.191.177.194"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843160/; classtype:trojan-activity;sid:82706260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/city/blwbfku/"; depth:14; endswith; nocase; http.host; content:"directorio.reservado.com.bo"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843155/; classtype:trojan-activity;sid:82706255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.211.208"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843156/; classtype:trojan-activity;sid:82706256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.30.1.157"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843154/; classtype:trojan-activity;sid:82706254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.50.39"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843152/; classtype:trojan-activity;sid:82706252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.237.18.246"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843153/; classtype:trojan-activity;sid:82706253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.8.63"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843149/; classtype:trojan-activity;sid:82706249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.193.158.46"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843150/; classtype:trojan-activity;sid:82706250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.255.22.95"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843151/; classtype:trojan-activity;sid:82706251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.20.107"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843143/; classtype:trojan-activity;sid:82706243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.194.186"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843144/; classtype:trojan-activity;sid:82706244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.70.39.228"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843145/; classtype:trojan-activity;sid:82706245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.101.21"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843146/; classtype:trojan-activity;sid:82706246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.12.82"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843147/; classtype:trojan-activity;sid:82706247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.216.40"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843148/; classtype:trojan-activity;sid:82706248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.148.94"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843140/; classtype:trojan-activity;sid:82706240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"192.72.17.236"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843141/; classtype:trojan-activity;sid:82706241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.60.220"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843142/; classtype:trojan-activity;sid:82706242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/pryjzqugykipw/"; depth:24; endswith; nocase; http.host; content:"vidaaguacate.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843139/; classtype:trojan-activity;sid:82706239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"83.224.140.199"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843138/; classtype:trojan-activity;sid:82706238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.116.88.60"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843137/; classtype:trojan-activity;sid:82706237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.72.20.37"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843136/; classtype:trojan-activity;sid:82706236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.234.3"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843135/; classtype:trojan-activity;sid:82706235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.24.164"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843132/; classtype:trojan-activity;sid:82706232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.98.180.151"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843133/; classtype:trojan-activity;sid:82706233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.234.215.235"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843134/; classtype:trojan-activity;sid:82706234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.165.178"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843131/; classtype:trojan-activity;sid:82706231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.205.214.225"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843130/; classtype:trojan-activity;sid:82706230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.60.227"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843129/; classtype:trojan-activity;sid:82706229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.234.148.199"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843128/; classtype:trojan-activity;sid:82706228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.134.27.72"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843126/; classtype:trojan-activity;sid:82706226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.185.112.137"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843127/; classtype:trojan-activity;sid:82706227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.5.205"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843125/; classtype:trojan-activity;sid:82706225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.254.66.218"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843124/; classtype:trojan-activity;sid:82706224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.8.63"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843123/; classtype:trojan-activity;sid:82706223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.240.48.11"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843122/; classtype:trojan-activity;sid:82706222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.209.18.229"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843121/; classtype:trojan-activity;sid:82706221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.185.164.66"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843120/; classtype:trojan-activity;sid:82706220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.72.95"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843119/; classtype:trojan-activity;sid:82706219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.148.63"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843117/; classtype:trojan-activity;sid:82706217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.89.223.151"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843118/; classtype:trojan-activity;sid:82706218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.130.232"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843116/; classtype:trojan-activity;sid:82706216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.89.93.242"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843115/; classtype:trojan-activity;sid:82706215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.253.15.237"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843114/; classtype:trojan-activity;sid:82706214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.46.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843113/; classtype:trojan-activity;sid:82706213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.106.135"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843112/; classtype:trojan-activity;sid:82706212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.222.173.182"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843110/; classtype:trojan-activity;sid:82706210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.146.49"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843111/; classtype:trojan-activity;sid:82706211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.86.147.142"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843109/; classtype:trojan-activity;sid:82706209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.48.18"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843108/; classtype:trojan-activity;sid:82706208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.81.4.48"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843107/; classtype:trojan-activity;sid:82706207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.18.112"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843103/; classtype:trojan-activity;sid:82706203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.109.246.8"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843104/; classtype:trojan-activity;sid:82706204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.173.227"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843105/; classtype:trojan-activity;sid:82706205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.218.10"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843106/; classtype:trojan-activity;sid:82706206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.103.104"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843102/; classtype:trojan-activity;sid:82706202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.184.146"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843101/; classtype:trojan-activity;sid:82706201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.241.50"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843100/; classtype:trojan-activity;sid:82706200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.177.158.63"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843099/; classtype:trojan-activity;sid:82706199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"49.70.96.247"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843098/; classtype:trojan-activity;sid:82706198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.30.1.157"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843097/; classtype:trojan-activity;sid:82706197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.17.129"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843096/; classtype:trojan-activity;sid:82706196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.104.128.242"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843095/; classtype:trojan-activity;sid:82706195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.56.5.140"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843093/; classtype:trojan-activity;sid:82706193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.63.35"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843094/; classtype:trojan-activity;sid:82706194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.52.84.121"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843092/; classtype:trojan-activity;sid:82706192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.166.176.111"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843091/; classtype:trojan-activity;sid:82706191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.35.172.17"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843089/; classtype:trojan-activity;sid:82706189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.46.153"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843090/; classtype:trojan-activity;sid:82706190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.255.160"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843088/; classtype:trojan-activity;sid:82706188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.203.28.174"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843087/; classtype:trojan-activity;sid:82706187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.231.139"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843086/; classtype:trojan-activity;sid:82706186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.153.140"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843085/; classtype:trojan-activity;sid:82706185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.250.50"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843084/; classtype:trojan-activity;sid:82706184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.204.222.176"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843083/; classtype:trojan-activity;sid:82706183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.125.147.240"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843082/; classtype:trojan-activity;sid:82706182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.164.116"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843080/; classtype:trojan-activity;sid:82706180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.133.186.113"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843081/; classtype:trojan-activity;sid:82706181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.167.49"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843079/; classtype:trojan-activity;sid:82706179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.17.189.77"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843078/; classtype:trojan-activity;sid:82706178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.246.131.92"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843076/; classtype:trojan-activity;sid:82706176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.205.211"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843077/; classtype:trojan-activity;sid:82706177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.116.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843075/; classtype:trojan-activity;sid:82706175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/lmbt8/"; depth:15; endswith; nocase; http.host; content:"www.rarepandastore.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843074/; classtype:trojan-activity;sid:82706174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.205.214.225"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843073/; classtype:trojan-activity;sid:82706173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.185.69"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843072/; classtype:trojan-activity;sid:82706172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/domains/79tafyfwa87ozrd/"; depth:25; endswith; nocase; http.host; content:"importvestir.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843071/; classtype:trojan-activity;sid:82706171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.254.66.218"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843070/; classtype:trojan-activity;sid:82706170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.92.116.177"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843069/; classtype:trojan-activity;sid:82706169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/nsml2hkv/"; depth:18; endswith; nocase; http.host; content:"www.allpartsbroker.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843068/; classtype:trojan-activity;sid:82706168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.43.119"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843067/; classtype:trojan-activity;sid:82706167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.137.248.182"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843065/; classtype:trojan-activity;sid:82706165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.190.110"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843066/; classtype:trojan-activity;sid:82706166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.21.225"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843064/; classtype:trojan-activity;sid:82706164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.237.0.197"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843063/; classtype:trojan-activity;sid:82706163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.26.140"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843062/; classtype:trojan-activity;sid:82706162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.253.9.155"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843061/; classtype:trojan-activity;sid:82706161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"211.76.32.59"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843060/; classtype:trojan-activity;sid:82706160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.4.87.137"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843059/; classtype:trojan-activity;sid:82706159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.142.121.21"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843058/; classtype:trojan-activity;sid:82706158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.120.98.229"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843057/; classtype:trojan-activity;sid:82706157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.58.89.106"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843056/; classtype:trojan-activity;sid:82706156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.235.175"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843055/; classtype:trojan-activity;sid:82706155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.5.164"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843054/; classtype:trojan-activity;sid:82706154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.227.177"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843053/; classtype:trojan-activity;sid:82706153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.87.250.60"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843052/; classtype:trojan-activity;sid:82706152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.104.128.242"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843051/; classtype:trojan-activity;sid:82706151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.91.4"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843050/; classtype:trojan-activity;sid:82706150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/top.exe"; depth:13; endswith; nocase; http.host; content:"neofunkyjunky.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843049/; classtype:trojan-activity;sid:82706149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.92.46.5"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843048/; classtype:trojan-activity;sid:82706148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/gxkrbttfvglgigwlg.dotm"; depth:33; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843047/; classtype:trojan-activity;sid:82706147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/hta_5/xuujbujnky.hta"; depth:28; endswith; nocase; http.host; content:"msbx.net"; depth:8; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843046/; classtype:trojan-activity;sid:82706146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yb6mwhorefacesup2m6nwankergwh"; depth:30; endswith; nocase; http.host; content:"92.243.25.142"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843045/; classtype:trojan-activity;sid:82706145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.43.100.24"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843044/; classtype:trojan-activity;sid:82706144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911253697013628941/915540698634256394/oerpubsvwhoreniggagay.bin"; depth:76; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843043/; classtype:trojan-activity;sid:82706143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911246617275957290/915528749108322344/cgafsvowzwhoreniggagay.bin"; depth:77; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843041/; classtype:trojan-activity;sid:82706141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911251129176850447/915533832667660318/iaibugwhoreniggagay.bin"; depth:74; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843042/; classtype:trojan-activity;sid:82706142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.249.79.173"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843039/; classtype:trojan-activity;sid:82706139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.118.104"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843040/; classtype:trojan-activity;sid:82706140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.220.140"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843038/; classtype:trojan-activity;sid:82706138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.108.53"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843037/; classtype:trojan-activity;sid:82706137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/hta_5/tjhtndmsbkb.hta"; depth:29; endswith; nocase; http.host; content:"msbx.net"; depth:8; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843036/; classtype:trojan-activity;sid:82706136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.73.128.178"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843034/; classtype:trojan-activity;sid:82706134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.38.142.120"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843035/; classtype:trojan-activity;sid:82706135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.192.55"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843033/; classtype:trojan-activity;sid:82706133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.190.27"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843032/; classtype:trojan-activity;sid:82706132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.204.221.154"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843031/; classtype:trojan-activity;sid:82706131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.163.146.167"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843030/; classtype:trojan-activity;sid:82706130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.104.109.109"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843029/; classtype:trojan-activity;sid:82706129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.215.91"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843028/; classtype:trojan-activity;sid:82706128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.210.125"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843026/; classtype:trojan-activity;sid:82706126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.36.228"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843027/; classtype:trojan-activity;sid:82706127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.60.227"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843025/; classtype:trojan-activity;sid:82706125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.249.86.10"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843024/; classtype:trojan-activity;sid:82706124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/threeaminos/wp-content/nrvrjjru/"; depth:33; endswith; nocase; http.host; content:"nlmwebdev.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843023/; classtype:trojan-activity;sid:82706123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/begv/xh2smemvhbtduzh8iuehbww/"; depth:30; endswith; nocase; http.host; content:"a.sjmall.top"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843022/; classtype:trojan-activity;sid:82706122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/ybbnzwalwxzwa6ky6wxixyp/"; depth:32; endswith; nocase; http.host; content:"kiemtientugame.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843021/; classtype:trojan-activity;sid:82706121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/includes/mzxgpp9kuxc3t8mp/"; depth:36; endswith; nocase; http.host; content:"www.hyperz.top"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843020/; classtype:trojan-activity;sid:82706120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/ghmjcenrennupbleaadtz/"; depth:32; endswith; nocase; http.host; content:"chinchincargo.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843018/; classtype:trojan-activity;sid:82706118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/nm55qk7wcxkbrlm/"; depth:29; endswith; nocase; http.host; content:"chauvettheatre.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843019/; classtype:trojan-activity;sid:82706119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"176.221.251.147"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843016/; classtype:trojan-activity;sid:82706116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/_include/449xbsn6c/"; depth:20; endswith; nocase; http.host; content:"veletrgovina.net"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843017/; classtype:trojan-activity;sid:82706117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.188.237.137"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843015/; classtype:trojan-activity;sid:82706115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/6878_1638391430_1269.exe"; depth:31; endswith; nocase; http.host; content:"host-file-host-3.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843014/; classtype:trojan-activity;sid:82706114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1950_1638361993_6765.exe"; depth:31; endswith; nocase; http.host; content:"host-file-host-3.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843013/; classtype:trojan-activity;sid:82706113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1100/vbc.exe"; depth:13; endswith; nocase; http.host; content:"192.3.122.180"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843012/; classtype:trojan-activity;sid:82706112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.75.195.13"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843011/; classtype:trojan-activity;sid:82706111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.224.251"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843010/; classtype:trojan-activity;sid:82706110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911246617275957290/915528738408640582/tvgqlboimcaktuwhoreniggagay.bin"; depth:82; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843009/; classtype:trojan-activity;sid:82706109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911253697013628941/915540820470407178/owpjpclxpcrwhoreniggagay.bin"; depth:79; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843007/; classtype:trojan-activity;sid:82706107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911251129176850447/915534063857717288/sihzkpwhoreniggagay.bin"; depth:74; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843008/; classtype:trojan-activity;sid:82706108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/wyjokyyxykievg/"; depth:27; endswith; nocase; http.host; content:"ruchiapajamas.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843006/; classtype:trojan-activity;sid:82706106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/hta_5/hxkupuhtpte.hta"; depth:29; endswith; nocase; http.host; content:"msbx.net"; depth:8; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843005/; classtype:trojan-activity;sid:82706105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.125.175.109"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843004/; classtype:trojan-activity;sid:82706104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.204.218.46"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843003/; classtype:trojan-activity;sid:82706103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.5.164"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843002/; classtype:trojan-activity;sid:82706102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/mix.exe"; depth:13; endswith; nocase; http.host; content:"neofunkyjunky.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843001/; classtype:trojan-activity;sid:82706101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1843000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"45.229.55.109"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1843000/; classtype:trojan-activity;sid:82706100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.86.21.38"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842997/; classtype:trojan-activity;sid:82706097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.54.173"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842998/; classtype:trojan-activity;sid:82706098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.5.129"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842999/; classtype:trojan-activity;sid:82706099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.249.237"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842995/; classtype:trojan-activity;sid:82706095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.127.106"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842996/; classtype:trojan-activity;sid:82706096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.57.37"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842994/; classtype:trojan-activity;sid:82706094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.66.216"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842993/; classtype:trojan-activity;sid:82706093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.33.60"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842992/; classtype:trojan-activity;sid:82706092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.155.86.164"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842991/; classtype:trojan-activity;sid:82706091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.167.245"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842990/; classtype:trojan-activity;sid:82706090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.209.47"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842989/; classtype:trojan-activity;sid:82706089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.84.229.96"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842988/; classtype:trojan-activity;sid:82706088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.93.48"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842987/; classtype:trojan-activity;sid:82706087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.108.202"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842986/; classtype:trojan-activity;sid:82706086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.5.132.26"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842985/; classtype:trojan-activity;sid:82706085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.62.132"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842984/; classtype:trojan-activity;sid:82706084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/zh4riru/"; depth:20; endswith; nocase; http.host; content:"ascarya.digital"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842982/; classtype:trojan-activity;sid:82706082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.93.31.213"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842983/; classtype:trojan-activity;sid:82706083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.20.3.13"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842981/; classtype:trojan-activity;sid:82706081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/css/dotms_4/zbxbnfszpusmhytu.dotm"; depth:41; endswith; nocase; http.host; content:"my.dexserver.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842980/; classtype:trojan-activity;sid:82706080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/deovhluhgqaw.dotm"; depth:28; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842978/; classtype:trojan-activity;sid:82706078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/iktgaenzeyovyf.dotm"; depth:30; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842979/; classtype:trojan-activity;sid:82706079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.10.224"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842977/; classtype:trojan-activity;sid:82706077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.156.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842976/; classtype:trojan-activity;sid:82706076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.165.134"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842975/; classtype:trojan-activity;sid:82706075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.50.9"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842974/; classtype:trojan-activity;sid:82706074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.0.88.223"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842973/; classtype:trojan-activity;sid:82706073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.119.155"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842972/; classtype:trojan-activity;sid:82706072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.58.218.36"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842971/; classtype:trojan-activity;sid:82706071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.42.64"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842970/; classtype:trojan-activity;sid:82706070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.236.29"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842968/; classtype:trojan-activity;sid:82706068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"219.157.39.143"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842969/; classtype:trojan-activity;sid:82706069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.248.143.117"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842967/; classtype:trojan-activity;sid:82706067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.204.223.34"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842965/; classtype:trojan-activity;sid:82706065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.250.35"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842966/; classtype:trojan-activity;sid:82706066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"154.192.45.144"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842964/; classtype:trojan-activity;sid:82706064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.147.84"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842963/; classtype:trojan-activity;sid:82706063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"150.107.114.229"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842962/; classtype:trojan-activity;sid:82706062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.94.38"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842961/; classtype:trojan-activity;sid:82706061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.228.189.240"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842960/; classtype:trojan-activity;sid:82706060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.226.44.170"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842959/; classtype:trojan-activity;sid:82706059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.245.233.18"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842958/; classtype:trojan-activity;sid:82706058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.247.76"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842957/; classtype:trojan-activity;sid:82706057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.224.251"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842956/; classtype:trojan-activity;sid:82706056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.12.0"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842955/; classtype:trojan-activity;sid:82706055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.49.39"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842954/; classtype:trojan-activity;sid:82706054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.234.143.118"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842953/; classtype:trojan-activity;sid:82706053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.89.41.103"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842952/; classtype:trojan-activity;sid:82706052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.247.76"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842951/; classtype:trojan-activity;sid:82706051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.66.216"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842950/; classtype:trojan-activity;sid:82706050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.183.103"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842949/; classtype:trojan-activity;sid:82706049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.174.110"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842948/; classtype:trojan-activity;sid:82706048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.26.150.170"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842947/; classtype:trojan-activity;sid:82706047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.86.18.4"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842946/; classtype:trojan-activity;sid:82706046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.90.98"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842945/; classtype:trojan-activity;sid:82706045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.229.233.239"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842944/; classtype:trojan-activity;sid:82706044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.211.15"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842942/; classtype:trojan-activity;sid:82706042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.249.74.131"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842943/; classtype:trojan-activity;sid:82706043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.144.98"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842941/; classtype:trojan-activity;sid:82706041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.10.215.7"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842940/; classtype:trojan-activity;sid:82706040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.121.174.229"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842939/; classtype:trojan-activity;sid:82706039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.209.7.20"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842938/; classtype:trojan-activity;sid:82706038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.101.253"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842937/; classtype:trojan-activity;sid:82706037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/toolspab2.exe"; depth:24; endswith; nocase; http.host; content:"privacytoolzfor-you7000.com"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842936/; classtype:trojan-activity;sid:82706036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.66.108.13"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842935/; classtype:trojan-activity;sid:82706035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.163.145.174"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842934/; classtype:trojan-activity;sid:82706034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.118.216.118"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842931/; classtype:trojan-activity;sid:82706031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.43.6.188"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842932/; classtype:trojan-activity;sid:82706032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.254.54"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842933/; classtype:trojan-activity;sid:82706033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.98.196.155"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842929/; classtype:trojan-activity;sid:82706029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.104.110"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842930/; classtype:trojan-activity;sid:82706030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.38.104.15"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842928/; classtype:trojan-activity;sid:82706028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.235.149"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842927/; classtype:trojan-activity;sid:82706027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"101.17.56.156"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842926/; classtype:trojan-activity;sid:82706026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"111.223.2.53"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842925/; classtype:trojan-activity;sid:82706025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"180.188.251.120"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842924/; classtype:trojan-activity;sid:82706024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/9873_1638332233_9756.exe"; depth:31; endswith; nocase; http.host; content:"host-file-host-3.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842923/; classtype:trojan-activity;sid:82706023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.247.36.61"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842922/; classtype:trojan-activity;sid:82706022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.69.94"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842921/; classtype:trojan-activity;sid:82706021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.118.120.70"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842920/; classtype:trojan-activity;sid:82706020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.131.45"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842918/; classtype:trojan-activity;sid:82706018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.66.74.64"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842917/; classtype:trojan-activity;sid:82706017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.28.129"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842915/; classtype:trojan-activity;sid:82706015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.21.246"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842916/; classtype:trojan-activity;sid:82706016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.119.34.34"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842914/; classtype:trojan-activity;sid:82706014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.66.162"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842913/; classtype:trojan-activity;sid:82706013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.253.156"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842912/; classtype:trojan-activity;sid:82706012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alfa_data/ljoyjykljyomz/"; depth:25; endswith; nocase; http.host; content:"brand-journalism.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842911/; classtype:trojan-activity;sid:82706011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.70.211"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842910/; classtype:trojan-activity;sid:82706010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.92.96"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842909/; classtype:trojan-activity;sid:82706009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.176.96.251"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842908/; classtype:trojan-activity;sid:82706008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.130.64"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842907/; classtype:trojan-activity;sid:82706007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.75.192.175"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842906/; classtype:trojan-activity;sid:82706006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.123.125.169"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842904/; classtype:trojan-activity;sid:82706004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.180.86"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842905/; classtype:trojan-activity;sid:82706005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.152.37.75"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842901/; classtype:trojan-activity;sid:82706001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.21.149"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842902/; classtype:trojan-activity;sid:82706002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.17.146.196"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842903/; classtype:trojan-activity;sid:82706003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.136.88.147"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842900/; classtype:trojan-activity;sid:82706000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.75.170"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842899/; classtype:trojan-activity;sid:82705999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/toolspab3.exe"; depth:24; endswith; nocase; http.host; content:"privacytoolzfor-you7000.com"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842898/; classtype:trojan-activity;sid:82705998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"64.66.214.75"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842897/; classtype:trojan-activity;sid:82705997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911251129176850447/915535310761381898/ghvfnwwwhoreniggagay.bin"; depth:75; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842894/; classtype:trojan-activity;sid:82705994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911246617275957290/915529915850444851/pmwuoatdjxwswhoreniggagay.bin"; depth:80; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842895/; classtype:trojan-activity;sid:82705995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911251129176850447/915534973937811486/axvbthnxwhoreniggagay.bin"; depth:76; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842896/; classtype:trojan-activity;sid:82705996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotms_8/ouidmyhqiej.dotm"; depth:25; endswith; nocase; http.host; content:"painelcs.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842893/; classtype:trojan-activity;sid:82705993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yanusef23frecumdumpsterer3fewjbh"; depth:33; endswith; nocase; http.host; content:"94.237.47.46"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842892/; classtype:trojan-activity;sid:82705992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.64.146"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842891/; classtype:trojan-activity;sid:82705991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.132.207"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842890/; classtype:trojan-activity;sid:82705990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.82.154"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842887/; classtype:trojan-activity;sid:82705987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.190.94"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842888/; classtype:trojan-activity;sid:82705988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.184.93"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842889/; classtype:trojan-activity;sid:82705989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.179.187"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842886/; classtype:trojan-activity;sid:82705986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.252.165.207"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842884/; classtype:trojan-activity;sid:82705984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.119.41"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842885/; classtype:trojan-activity;sid:82705985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.20.168"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842883/; classtype:trojan-activity;sid:82705983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.179.160.21"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842882/; classtype:trojan-activity;sid:82705982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.144.98"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842881/; classtype:trojan-activity;sid:82705981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.120.12"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842880/; classtype:trojan-activity;sid:82705980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.120.219.106"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842879/; classtype:trojan-activity;sid:82705979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.159.228"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842877/; classtype:trojan-activity;sid:82705977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"162.191.157.4"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842878/; classtype:trojan-activity;sid:82705978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.92.63"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842876/; classtype:trojan-activity;sid:82705976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.90.13.208"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842875/; classtype:trojan-activity;sid:82705975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.85.253"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842874/; classtype:trojan-activity;sid:82705974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.244.32.167"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842873/; classtype:trojan-activity;sid:82705973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.110.164.202"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842872/; classtype:trojan-activity;sid:82705972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.245.14.224"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842871/; classtype:trojan-activity;sid:82705971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"192.210.201.83"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842870/; classtype:trojan-activity;sid:82705970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.69.53"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842869/; classtype:trojan-activity;sid:82705969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.28.66"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842868/; classtype:trojan-activity;sid:82705968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.26.84"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842867/; classtype:trojan-activity;sid:82705967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"86.57.232.140"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842865/; classtype:trojan-activity;sid:82705965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.92.213"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842866/; classtype:trojan-activity;sid:82705966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.40.117.174"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842864/; classtype:trojan-activity;sid:82705964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.201.204.240"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842862/; classtype:trojan-activity;sid:82705962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.136.90"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842863/; classtype:trojan-activity;sid:82705963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.95.8.201"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842861/; classtype:trojan-activity;sid:82705961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/amrwhxohogffvuanx.dotm"; depth:33; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842854/; classtype:trojan-activity;sid:82705954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/csvqhtwjodsmqrs.dotm"; depth:31; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842855/; classtype:trojan-activity;sid:82705955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/jftjxrnziubwttbsvxuw.dotm"; depth:36; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842856/; classtype:trojan-activity;sid:82705956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/ctzkexnyliki.dotm"; depth:28; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842857/; classtype:trojan-activity;sid:82705957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/bdvuivuuyylxzbotat.dotm"; depth:34; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842858/; classtype:trojan-activity;sid:82705958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/nsxqxhradlcttx.dotm"; depth:30; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842859/; classtype:trojan-activity;sid:82705959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/jizgczbmim.dotm"; depth:26; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842860/; classtype:trojan-activity;sid:82705960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/fdjaptcnzpnmvzeew.dotm"; depth:33; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842851/; classtype:trojan-activity;sid:82705951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/ixtgyzgdczjpp.dotm"; depth:29; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842852/; classtype:trojan-activity;sid:82705952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/lqsnvcfuzvdqkq.dotm"; depth:30; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842853/; classtype:trojan-activity;sid:82705953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.112.251"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842850/; classtype:trojan-activity;sid:82705950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.125.19.98"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842849/; classtype:trojan-activity;sid:82705949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.28.24"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842848/; classtype:trojan-activity;sid:82705948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.210.202"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842847/; classtype:trojan-activity;sid:82705947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.237.177"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842846/; classtype:trojan-activity;sid:82705946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"173.11.194.164"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842845/; classtype:trojan-activity;sid:82705945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.81.13.148"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842844/; classtype:trojan-activity;sid:82705944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"206.47.41.175"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842843/; classtype:trojan-activity;sid:82705943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.87.1.90"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842841/; classtype:trojan-activity;sid:82705941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.170.195"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842842/; classtype:trojan-activity;sid:82705942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.95.11.113"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842840/; classtype:trojan-activity;sid:82705940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.102.90"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842839/; classtype:trojan-activity;sid:82705939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/srnng5m/bavn9psffp9sftx/"; depth:25; endswith; nocase; http.host; content:"romantic-cohen.104-131-167-46.plesk.page"; depth:40; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842838/; classtype:trojan-activity;sid:82705938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/1.mp3/12whoreniggagay.bin"; depth:28; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842837/; classtype:trojan-activity;sid:82705937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.112.35.48"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842836/; classtype:trojan-activity;sid:82705936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.218.153"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842835/; classtype:trojan-activity;sid:82705935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/nla9jrm/"; depth:20; endswith; nocase; http.host; content:"www.darkartists.org"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842834/; classtype:trojan-activity;sid:82705934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.252.184.76"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842832/; classtype:trojan-activity;sid:82705932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.94.185"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842833/; classtype:trojan-activity;sid:82705933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.79.212"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842831/; classtype:trojan-activity;sid:82705931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/hxvn2ukpuidawwb/"; depth:19; endswith; nocase; http.host; content:"oliva.co.id"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842830/; classtype:trojan-activity;sid:82705930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"191.16.3.112"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842829/; classtype:trojan-activity;sid:82705929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"191.16.120.230"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842828/; classtype:trojan-activity;sid:82705928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.4.159.163"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842826/; classtype:trojan-activity;sid:82705926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.236.174"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842827/; classtype:trojan-activity;sid:82705927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.204.210.240"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842824/; classtype:trojan-activity;sid:82705924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.60.188"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842825/; classtype:trojan-activity;sid:82705925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.59.72.179"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842823/; classtype:trojan-activity;sid:82705923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.183.92.108"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842822/; classtype:trojan-activity;sid:82705922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.72.215"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842821/; classtype:trojan-activity;sid:82705921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"82.151.123.130"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842820/; classtype:trojan-activity;sid:82705920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.72.59.46"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842818/; classtype:trojan-activity;sid:82705918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.140.21"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842819/; classtype:trojan-activity;sid:82705919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.128.17.34"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842817/; classtype:trojan-activity;sid:82705917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.224.246.192"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842816/; classtype:trojan-activity;sid:82705916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.174.53"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842815/; classtype:trojan-activity;sid:82705915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/68azshs/"; depth:18; endswith; nocase; http.host; content:"hireout.today"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842814/; classtype:trojan-activity;sid:82705914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vx8dh8/a8keijdv3pew/"; depth:21; endswith; nocase; http.host; content:"bookmart.co"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842813/; classtype:trojan-activity;sid:82705913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"140.237.148.36"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842812/; classtype:trojan-activity;sid:82705912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.90.60"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842811/; classtype:trojan-activity;sid:82705911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.178.86"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842809/; classtype:trojan-activity;sid:82705909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.48.164"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842810/; classtype:trojan-activity;sid:82705910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/kdqz/"; depth:15; endswith; nocase; http.host; content:"opened.today"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842808/; classtype:trojan-activity;sid:82705908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.90.227.196"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842807/; classtype:trojan-activity;sid:82705907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/8y2trpsr8smc8b7d/"; depth:30; endswith; nocase; http.host; content:"pramukhkhabar.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842806/; classtype:trojan-activity;sid:82705906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.210.150"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842805/; classtype:trojan-activity;sid:82705905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.84.131"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842803/; classtype:trojan-activity;sid:82705903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.170.195"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842804/; classtype:trojan-activity;sid:82705904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.82.220"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842802/; classtype:trojan-activity;sid:82705902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.185.127.171"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842801/; classtype:trojan-activity;sid:82705901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.210.150"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842799/; classtype:trojan-activity;sid:82705899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.40.84.172"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842800/; classtype:trojan-activity;sid:82705900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.77.55.229"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842798/; classtype:trojan-activity;sid:82705898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/bnjxycetdkt.dotm"; depth:27; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842795/; classtype:trojan-activity;sid:82705895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/fftqftikpby.dotm"; depth:27; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842796/; classtype:trojan-activity;sid:82705896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/css/dotms_4/akwxjezbjbzq.dotm"; depth:37; endswith; nocase; http.host; content:"my.dexserver.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842797/; classtype:trojan-activity;sid:82705897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.39.44"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842794/; classtype:trojan-activity;sid:82705894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.141.85"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842793/; classtype:trojan-activity;sid:82705893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.118.197.7"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842789/; classtype:trojan-activity;sid:82705889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.187.254"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842790/; classtype:trojan-activity;sid:82705890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.216.132"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842791/; classtype:trojan-activity;sid:82705891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.180.19.79"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842792/; classtype:trojan-activity;sid:82705892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.212.152.11"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842788/; classtype:trojan-activity;sid:82705888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.0.215.154"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842787/; classtype:trojan-activity;sid:82705887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842786/; classtype:trojan-activity;sid:82705886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.211.27"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842785/; classtype:trojan-activity;sid:82705885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"221.160.177.209"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842784/; classtype:trojan-activity;sid:82705884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"41.86.19.91"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842783/; classtype:trojan-activity;sid:82705883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.43.24"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842781/; classtype:trojan-activity;sid:82705881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"89.20.224.71"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842782/; classtype:trojan-activity;sid:82705882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.218.153"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842780/; classtype:trojan-activity;sid:82705880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.65.92.98"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842779/; classtype:trojan-activity;sid:82705879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.181.171"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842778/; classtype:trojan-activity;sid:82705878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.147.153"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842777/; classtype:trojan-activity;sid:82705877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.135.69"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842776/; classtype:trojan-activity;sid:82705876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.47.116.177"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842775/; classtype:trojan-activity;sid:82705875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.90.117"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842774/; classtype:trojan-activity;sid:82705874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.194.123"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842773/; classtype:trojan-activity;sid:82705873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.201.144"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842772/; classtype:trojan-activity;sid:82705872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.101.35"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842771/; classtype:trojan-activity;sid:82705871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"183.95.8.201"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842770/; classtype:trojan-activity;sid:82705870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.252.88.217"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842769/; classtype:trojan-activity;sid:82705869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.100.9.84"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842768/; classtype:trojan-activity;sid:82705868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.106.226.88"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842767/; classtype:trojan-activity;sid:82705867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.231.104"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842766/; classtype:trojan-activity;sid:82705866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.240.125"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842765/; classtype:trojan-activity;sid:82705865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.95.69"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842764/; classtype:trojan-activity;sid:82705864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.196.23.94"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842763/; classtype:trojan-activity;sid:82705863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.62.159.139"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842762/; classtype:trojan-activity;sid:82705862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.81.97"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842761/; classtype:trojan-activity;sid:82705861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.140.146"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842760/; classtype:trojan-activity;sid:82705860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"180.188.232.14"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842759/; classtype:trojan-activity;sid:82705859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.188.249.23"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842758/; classtype:trojan-activity;sid:82705858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.231.210.177"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842757/; classtype:trojan-activity;sid:82705857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.229.55.240"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842756/; classtype:trojan-activity;sid:82705856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.86.19.67"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842755/; classtype:trojan-activity;sid:82705855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.64.83"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842754/; classtype:trojan-activity;sid:82705854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/eciwzoqotul7fw/"; depth:24; endswith; nocase; http.host; content:"www.mdravens.org"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842753/; classtype:trojan-activity;sid:82705853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"94.67.206.170"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842752/; classtype:trojan-activity;sid:82705852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.137.248.199"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842751/; classtype:trojan-activity;sid:82705851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.162.97"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842749/; classtype:trojan-activity;sid:82705849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.159.237"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842750/; classtype:trojan-activity;sid:82705850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.109.13"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842747/; classtype:trojan-activity;sid:82705847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.75.48"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842748/; classtype:trojan-activity;sid:82705848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.102.16.22"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842746/; classtype:trojan-activity;sid:82705846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.72.245"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842744/; classtype:trojan-activity;sid:82705844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.44.44"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842745/; classtype:trojan-activity;sid:82705845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"185.99.47.249"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842743/; classtype:trojan-activity;sid:82705843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.37.21"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842742/; classtype:trojan-activity;sid:82705842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.166.147"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842741/; classtype:trojan-activity;sid:82705841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.90.194"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842740/; classtype:trojan-activity;sid:82705840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.186.114.99"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842739/; classtype:trojan-activity;sid:82705839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.87.16"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842738/; classtype:trojan-activity;sid:82705838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.228.52"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842736/; classtype:trojan-activity;sid:82705836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.172.72.132"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842737/; classtype:trojan-activity;sid:82705837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.182.178"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842735/; classtype:trojan-activity;sid:82705835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.46.239"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842734/; classtype:trojan-activity;sid:82705834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.79.157"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842733/; classtype:trojan-activity;sid:82705833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.112.152.34"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842732/; classtype:trojan-activity;sid:82705832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/eqdqsyoasxvo.dotm"; depth:28; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842731/; classtype:trojan-activity;sid:82705831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.116.88.246"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842730/; classtype:trojan-activity;sid:82705830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.65.92.98"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842729/; classtype:trojan-activity;sid:82705829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.43.228"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842728/; classtype:trojan-activity;sid:82705828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.119.113.216"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842727/; classtype:trojan-activity;sid:82705827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.153.153"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842726/; classtype:trojan-activity;sid:82705826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/......w_w.....w.........-ww........-----www.----............ww--------....ww-/....ww.........-w-w------w-------ww-------......ww......---w.w--ww.w.wbk"; depth:151; endswith; nocase; http.host; content:"192.3.122.180"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842725/; classtype:trojan-activity;sid:82705825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.224.126.12"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842723/; classtype:trojan-activity;sid:82705823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.224.170.222"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842724/; classtype:trojan-activity;sid:82705824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.84.99"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842721/; classtype:trojan-activity;sid:82705821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.141.10.224"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842722/; classtype:trojan-activity;sid:82705822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.226.210"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842720/; classtype:trojan-activity;sid:82705820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.192.62"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842718/; classtype:trojan-activity;sid:82705818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.40.85.159"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842719/; classtype:trojan-activity;sid:82705819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"219.154.98.29"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842717/; classtype:trojan-activity;sid:82705817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.32.38"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842716/; classtype:trojan-activity;sid:82705816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.204.223.74"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842715/; classtype:trojan-activity;sid:82705815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.204.217.75"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842714/; classtype:trojan-activity;sid:82705814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.234.148"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842712/; classtype:trojan-activity;sid:82705812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.179.175.241"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842713/; classtype:trojan-activity;sid:82705813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.91.51.79"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842711/; classtype:trojan-activity;sid:82705811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.85.167.229"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842710/; classtype:trojan-activity;sid:82705810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.72.14.212"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842709/; classtype:trojan-activity;sid:82705809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.163.33.110"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842708/; classtype:trojan-activity;sid:82705808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.98.19.65"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842707/; classtype:trojan-activity;sid:82705807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"45.248.192.48"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842706/; classtype:trojan-activity;sid:82705806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.230.249.175"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842705/; classtype:trojan-activity;sid:82705805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/ucftwwfliu/"; depth:20; endswith; nocase; http.host; content:"www.bboprecords.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842704/; classtype:trojan-activity;sid:82705804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.179.190.192"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842703/; classtype:trojan-activity;sid:82705803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/ngdqyfyk0/"; depth:19; endswith; nocase; http.host; content:"www.teens-act.org"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842702/; classtype:trojan-activity;sid:82705802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.112.152.34"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842701/; classtype:trojan-activity;sid:82705801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.197.180"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842700/; classtype:trojan-activity;sid:82705800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.216.57"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842699/; classtype:trojan-activity;sid:82705799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.51.253.237"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842698/; classtype:trojan-activity;sid:82705798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.64.83"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842696/; classtype:trojan-activity;sid:82705796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.75.48"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842697/; classtype:trojan-activity;sid:82705797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/0uvggvvbhdddq/"; depth:23; endswith; nocase; http.host; content:"poppinmyway.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842695/; classtype:trojan-activity;sid:82705795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.134.109"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842694/; classtype:trojan-activity;sid:82705794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.14.125"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842692/; classtype:trojan-activity;sid:82705792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.14.41"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842693/; classtype:trojan-activity;sid:82705793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.124.226"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842691/; classtype:trojan-activity;sid:82705791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.91.168"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842690/; classtype:trojan-activity;sid:82705790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.146.12"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842689/; classtype:trojan-activity;sid:82705789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.44.103.181"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842687/; classtype:trojan-activity;sid:82705787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/5jtaxmp1ttz7y/"; depth:24; endswith; nocase; http.host; content:"thesensescollection.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842688/; classtype:trojan-activity;sid:82705788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/zh4riru"; depth:19; endswith; nocase; http.host; content:"ascarya.digital"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842686/; classtype:trojan-activity;sid:82705786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.212.206.157"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842685/; classtype:trojan-activity;sid:82705785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.105.243.97"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842684/; classtype:trojan-activity;sid:82705784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.0.224"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842683/; classtype:trojan-activity;sid:82705783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.45.52"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842682/; classtype:trojan-activity;sid:82705782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.3.37"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842681/; classtype:trojan-activity;sid:82705781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.107.142"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842680/; classtype:trojan-activity;sid:82705780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.130.208.230"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842679/; classtype:trojan-activity;sid:82705779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.252.254.59"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842678/; classtype:trojan-activity;sid:82705778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.242.32"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842676/; classtype:trojan-activity;sid:82705776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.163.130.36"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842677/; classtype:trojan-activity;sid:82705777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.115.236"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842675/; classtype:trojan-activity;sid:82705775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"106.215.123.207"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842674/; classtype:trojan-activity;sid:82705774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.53.73.20"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842673/; classtype:trojan-activity;sid:82705773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.215.221"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842672/; classtype:trojan-activity;sid:82705772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.182.178"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842671/; classtype:trojan-activity;sid:82705771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.166.147"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842670/; classtype:trojan-activity;sid:82705770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.212.2"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842669/; classtype:trojan-activity;sid:82705769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9/q080u0aryyl/"; depth:15; endswith; nocase; http.host; content:"crackedshop.org"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842668/; classtype:trojan-activity;sid:82705768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phplist/base/bin/ff/putty.exe"; depth:30; endswith; nocase; http.host; content:"ahanmellat.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842667/; classtype:trojan-activity;sid:82705767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.215.124"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842666/; classtype:trojan-activity;sid:82705766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.119.113.216"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842665/; classtype:trojan-activity;sid:82705765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911251129176850447/915534029896429568/hbvmswhoreniggagay.bin"; depth:73; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842664/; classtype:trojan-activity;sid:82705764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911251129176850447/915534047801901056/kcegapxqncwhoreniggagay.bin"; depth:78; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842663/; classtype:trojan-activity;sid:82705763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911253697013628941/915541052067311667/dmedkxiwhoreniggagay.bin"; depth:75; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842662/; classtype:trojan-activity;sid:82705762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911253697013628941/915540459051425792/vokzytemfjgulhwhoreniggagay.bin"; depth:82; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842660/; classtype:trojan-activity;sid:82705760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911251129176850447/915533714174390272/mxvsluukwhoreniggagay.bin"; depth:76; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842661/; classtype:trojan-activity;sid:82705761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911253697013628941/915540742573805568/uqqmjycmssacupwhoreniggagay.bin"; depth:82; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842659/; classtype:trojan-activity;sid:82705759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supcumwhoresum6cuntlickery3gwh"; depth:31; endswith; nocase; http.host; content:"182.48.228.147"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842657/; classtype:trojan-activity;sid:82705757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.79.57"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842658/; classtype:trojan-activity;sid:82705758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4/n/"; depth:5; endswith; nocase; http.host; content:"www.luvander.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842656/; classtype:trojan-activity;sid:82705756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.164.99"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842655/; classtype:trojan-activity;sid:82705755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.200.181"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842653/; classtype:trojan-activity;sid:82705753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.109.120"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842654/; classtype:trojan-activity;sid:82705754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.249.82.4"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842652/; classtype:trojan-activity;sid:82705752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.249.76.0"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842649/; classtype:trojan-activity;sid:82705749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.120.214"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842650/; classtype:trojan-activity;sid:82705750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.5.44.78"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842651/; classtype:trojan-activity;sid:82705751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.252.174.130"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842648/; classtype:trojan-activity;sid:82705748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/58885/vbc.exe"; depth:14; endswith; nocase; http.host; content:"192.3.122.180"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842647/; classtype:trojan-activity;sid:82705747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/......w_w.....w.........-ww........-----www.----............ww--------....ww-/invoice_00959005050500505005.wbk"; depth:111; endswith; nocase; http.host; content:"192.3.122.180"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842645/; classtype:trojan-activity;sid:82705745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2200/vbc.exe"; depth:13; endswith; nocase; http.host; content:"192.3.122.180"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842646/; classtype:trojan-activity;sid:82705746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.101.104"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842644/; classtype:trojan-activity;sid:82705744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.26.13"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842643/; classtype:trojan-activity;sid:82705743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"186.33.87.151"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842642/; classtype:trojan-activity;sid:82705742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.92.42.6"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842641/; classtype:trojan-activity;sid:82705741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.233.10"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842640/; classtype:trojan-activity;sid:82705740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.82.211"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842639/; classtype:trojan-activity;sid:82705739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.165.158.202"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842638/; classtype:trojan-activity;sid:82705738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"116.75.198.115"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842637/; classtype:trojan-activity;sid:82705737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.15.245"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842636/; classtype:trojan-activity;sid:82705736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.62.42.29"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842634/; classtype:trojan-activity;sid:82705734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.203.236"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842635/; classtype:trojan-activity;sid:82705735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.95.169.87"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842633/; classtype:trojan-activity;sid:82705733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.242.41"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842632/; classtype:trojan-activity;sid:82705732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.247.21.56"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842631/; classtype:trojan-activity;sid:82705731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.161.232.45"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842630/; classtype:trojan-activity;sid:82705730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.146.75"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842629/; classtype:trojan-activity;sid:82705729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/hlgn/"; depth:17; endswith; nocase; http.host; content:"blog.beautyboothqa.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842628/; classtype:trojan-activity;sid:82705728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/bkksxoldxujyzklkx.dotm"; depth:33; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842627/; classtype:trojan-activity;sid:82705727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/jpjqtjduhmchh.dotm"; depth:29; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842626/; classtype:trojan-activity;sid:82705726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/xid4dwk0vnxy6rr/"; depth:25; endswith; nocase; http.host; content:"www.fbcrsmt.org"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842625/; classtype:trojan-activity;sid:82705725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.79.62.137"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842624/; classtype:trojan-activity;sid:82705724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"118.174.103.220"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842623/; classtype:trojan-activity;sid:82705723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.51.253.237"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842622/; classtype:trojan-activity;sid:82705722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.4.159.163"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842621/; classtype:trojan-activity;sid:82705721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/7hrrrw8cnsxluo/"; depth:24; endswith; nocase; http.host; content:"artsupport.rs"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842620/; classtype:trojan-activity;sid:82705720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.87.100"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842619/; classtype:trojan-activity;sid:82705719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.253.5.110"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842618/; classtype:trojan-activity;sid:82705718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.89.215"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842617/; classtype:trojan-activity;sid:82705717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.160.177.204"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842616/; classtype:trojan-activity;sid:82705716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"41.86.18.170"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842615/; classtype:trojan-activity;sid:82705715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.74.98.63"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842614/; classtype:trojan-activity;sid:82705714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.57.115.61"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842613/; classtype:trojan-activity;sid:82705713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/h8d8ohonsomg2um/"; depth:26; endswith; nocase; http.host; content:"resource.propelguru.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842610/; classtype:trojan-activity;sid:82705710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.50.63"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842611/; classtype:trojan-activity;sid:82705711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.246.151"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842612/; classtype:trojan-activity;sid:82705712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.6.168.190"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842609/; classtype:trojan-activity;sid:82705709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.77.212.208"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842608/; classtype:trojan-activity;sid:82705708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.250.57"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842607/; classtype:trojan-activity;sid:82705707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/m7zfmwp77ynebpdxa/"; depth:27; endswith; nocase; http.host; content:"www.dalrympleforgovernor.com"; depth:28; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842606/; classtype:trojan-activity;sid:82705706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.27.39.79"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842605/; classtype:trojan-activity;sid:82705705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/hnjdg/"; depth:15; endswith; nocase; http.host; content:"www.fiber-tek.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842604/; classtype:trojan-activity;sid:82705704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.194.71"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842603/; classtype:trojan-activity;sid:82705703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ofpdmagfml.appxbundle"; depth:22; endswith; nocase; http.host; content:"documentalerts.z13.web.core.windows.net"; depth:39; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842602/; classtype:trojan-activity;sid:82705702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ofpdmagfml.appinstaller"; depth:24; endswith; nocase; http.host; content:"documentalerts.z13.web.core.windows.net"; depth:39; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842601/; classtype:trojan-activity;sid:82705701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/z3jppuifwv9jpqabyd/"; depth:28; endswith; nocase; http.host; content:"www.vacation-rentals-byowner.com"; depth:32; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842600/; classtype:trojan-activity;sid:82705700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.84.221.159"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842599/; classtype:trojan-activity;sid:82705699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/lulcff/"; depth:16; endswith; nocase; http.host; content:"www.phoenix-inspire.org"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842598/; classtype:trojan-activity;sid:82705698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.95.66.55"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842597/; classtype:trojan-activity;sid:82705697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.147.36"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842595/; classtype:trojan-activity;sid:82705695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.170.107"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842596/; classtype:trojan-activity;sid:82705696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.86.162.30"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842594/; classtype:trojan-activity;sid:82705694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.249.72.219"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842593/; classtype:trojan-activity;sid:82705693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.6.168.190"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842592/; classtype:trojan-activity;sid:82705692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.209.210"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842591/; classtype:trojan-activity;sid:82705691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.94.95"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842590/; classtype:trojan-activity;sid:82705690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.38.216.54"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842589/; classtype:trojan-activity;sid:82705689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.204.223.225"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842587/; classtype:trojan-activity;sid:82705687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.72.215"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842588/; classtype:trojan-activity;sid:82705688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.41.86.247"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842586/; classtype:trojan-activity;sid:82705686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.246.243.180"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842585/; classtype:trojan-activity;sid:82705685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.185.125"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842584/; classtype:trojan-activity;sid:82705684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.79.200"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842583/; classtype:trojan-activity;sid:82705683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.165.214.109"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842581/; classtype:trojan-activity;sid:82705681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.47.204.201"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842582/; classtype:trojan-activity;sid:82705682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.91.225.199"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842580/; classtype:trojan-activity;sid:82705680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"101.40.119.166"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842579/; classtype:trojan-activity;sid:82705679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.227.148.227"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842578/; classtype:trojan-activity;sid:82705678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.249.123.7"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842577/; classtype:trojan-activity;sid:82705677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.241.186.250"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842576/; classtype:trojan-activity;sid:82705676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/transmigrant/wplzr/"; depth:20; endswith; nocase; http.host; content:"vendes.marketing"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842575/; classtype:trojan-activity;sid:82705675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.87.100"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842574/; classtype:trojan-activity;sid:82705674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/arsjmazxwurtyqulzfc.dotm"; depth:35; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842573/; classtype:trojan-activity;sid:82705673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/lzapskmdqvcunw.dotm"; depth:30; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842570/; classtype:trojan-activity;sid:82705670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/ikugfyxmiamudi.dotm"; depth:30; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842571/; classtype:trojan-activity;sid:82705671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dotms_5/fhqorcspdtwn.dotm"; depth:28; endswith; nocase; http.host; content:"fire.hypersys-server.com.ar"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842572/; classtype:trojan-activity;sid:82705672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/css/dotms_4/nfzlcpcmbuvajw.dotm"; depth:39; endswith; nocase; http.host; content:"my.dexserver.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842569/; classtype:trojan-activity;sid:82705669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/css/dotms_4/asqdjzbezmsr.dotm"; depth:37; endswith; nocase; http.host; content:"my.dexserver.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842568/; classtype:trojan-activity;sid:82705668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mfkrmotherfuckeru6y82sasswhorehf9e"; depth:35; endswith; nocase; http.host; content:"157.230.250.107"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842567/; classtype:trojan-activity;sid:82705667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.180.2.118"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842566/; classtype:trojan-activity;sid:82705666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.6.254.124"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842565/; classtype:trojan-activity;sid:82705665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"183.134.161.145"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842564/; classtype:trojan-activity;sid:82705664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.0.49.132"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842563/; classtype:trojan-activity;sid:82705663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.206.2.7"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842562/; classtype:trojan-activity;sid:82705662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.159.188"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842561/; classtype:trojan-activity;sid:82705661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.194.71"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842560/; classtype:trojan-activity;sid:82705660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/333.exe"; depth:8; endswith; nocase; http.host; content:"www.ipokerist.site"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842559/; classtype:trojan-activity;sid:82705659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.10.1"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842558/; classtype:trojan-activity;sid:82705658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"84.53.216.198"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842557/; classtype:trojan-activity;sid:82705657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.95.76"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842556/; classtype:trojan-activity;sid:82705656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.86.176.231"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842555/; classtype:trojan-activity;sid:82705655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.232.63.60"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842554/; classtype:trojan-activity;sid:82705654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.99.176.132"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842553/; classtype:trojan-activity;sid:82705653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.126.11.243"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842552/; classtype:trojan-activity;sid:82705652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.128.88"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842551/; classtype:trojan-activity;sid:82705651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.18.96.189"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842549/; classtype:trojan-activity;sid:82705649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.81.54"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842550/; classtype:trojan-activity;sid:82705650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/costco-stereo-systems/zwvgp6m5dw2/"; depth:35; endswith; nocase; http.host; content:"bahriapeshawar.net"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842548/; classtype:trojan-activity;sid:82705648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.67.89.202"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842547/; classtype:trojan-activity;sid:82705647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.95.27.82"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842546/; classtype:trojan-activity;sid:82705646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.112.152.34"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842545/; classtype:trojan-activity;sid:82705645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.142.53"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842543/; classtype:trojan-activity;sid:82705643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5330.exe"; depth:9; endswith; nocase; http.host; content:"ipokerist.site"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842544/; classtype:trojan-activity;sid:82705644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.103.86"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842541/; classtype:trojan-activity;sid:82705641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oavcogvl/trrmutcx48qmrmbj5/"; depth:28; endswith; nocase; http.host; content:"poldap.com.ua"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842542/; classtype:trojan-activity;sid:82705642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.0.63.166"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842540/; classtype:trojan-activity;sid:82705640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.179.171.56"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842539/; classtype:trojan-activity;sid:82705639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.88.27.65"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842538/; classtype:trojan-activity;sid:82705638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.177.124"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842537/; classtype:trojan-activity;sid:82705637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.183.52"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842535/; classtype:trojan-activity;sid:82705635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.89.25.86"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842536/; classtype:trojan-activity;sid:82705636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.6.254.124"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842534/; classtype:trojan-activity;sid:82705634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.17.172"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842533/; classtype:trojan-activity;sid:82705633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/i752zk2le9nt/"; depth:23; endswith; nocase; http.host; content:"detoxdietsupplements.com"; depth:24; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842532/; classtype:trojan-activity;sid:82705632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.39.185"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842531/; classtype:trojan-activity;sid:82705631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.86.7"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842530/; classtype:trojan-activity;sid:82705630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.53.3.100"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842529/; classtype:trojan-activity;sid:82705629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/4x83itb95ayi/"; depth:23; endswith; nocase; http.host; content:"goalsuccesstips.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842528/; classtype:trojan-activity;sid:82705628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.124.92.222"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842527/; classtype:trojan-activity;sid:82705627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gobleted/1ux7lcxthk/"; depth:21; endswith; nocase; http.host; content:"creditrepairfocus.com"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842526/; classtype:trojan-activity;sid:82705626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"79.137.250.41"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842525/; classtype:trojan-activity;sid:82705625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.86.21.27"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842524/; classtype:trojan-activity;sid:82705624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"219.154.254.82"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842523/; classtype:trojan-activity;sid:82705623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.41.86.247"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842522/; classtype:trojan-activity;sid:82705622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.86.21.5"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842521/; classtype:trojan-activity;sid:82705621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.146.39"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842520/; classtype:trojan-activity;sid:82705620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.232.29"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842518/; classtype:trojan-activity;sid:82705618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.125.214"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842519/; classtype:trojan-activity;sid:82705619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.235.80"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842517/; classtype:trojan-activity;sid:82705617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarawan/5vf7rouus3wcuqj/"; depth:25; endswith; nocase; http.host; content:"ebooksofsuccess.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842516/; classtype:trojan-activity;sid:82705616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.165.47.146"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842515/; classtype:trojan-activity;sid:82705615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.116.88.46"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842514/; classtype:trojan-activity;sid:82705614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.236.234.50"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842513/; classtype:trojan-activity;sid:82705613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.73.213.247"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842511/; classtype:trojan-activity;sid:82705611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.99.188.172"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842512/; classtype:trojan-activity;sid:82705612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.49.83"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842509/; classtype:trojan-activity;sid:82705609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.192.80"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842510/; classtype:trojan-activity;sid:82705610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.248.253"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842508/; classtype:trojan-activity;sid:82705608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.246.131.4"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842507/; classtype:trojan-activity;sid:82705607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.254.132.88"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842506/; classtype:trojan-activity;sid:82705606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.110.247.213"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842505/; classtype:trojan-activity;sid:82705605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.9.214"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842503/; classtype:trojan-activity;sid:82705603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.57.100.159"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842504/; classtype:trojan-activity;sid:82705604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/free-proxy-list/anon-elite-proxy.phpmsxml2.serverxm"; depth:52; endswith; nocase; http.host; content:"www.free-proxy-list.info"; depth:24; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842502/; classtype:trojan-activity;sid:82705602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/8uzd1qk0/"; depth:19; endswith; nocase; http.host; content:"faceks.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842501/; classtype:trojan-activity;sid:82705601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.88.100"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842500/; classtype:trojan-activity;sid:82705600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/mwpqevgz/"; depth:12; endswith; nocase; http.host; content:"standoutglobal.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842499/; classtype:trojan-activity;sid:82705599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.248.192.107"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842498/; classtype:trojan-activity;sid:82705598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/au_stuff/sh96f73je/"; depth:20; endswith; nocase; http.host; content:"crackers.stepupsmart.in"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842497/; classtype:trojan-activity;sid:82705597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.41.199.216"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842496/; classtype:trojan-activity;sid:82705596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.10.1"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842495/; classtype:trojan-activity;sid:82705595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.28.238.18"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842494/; classtype:trojan-activity;sid:82705594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.92.113.74"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842493/; classtype:trojan-activity;sid:82705593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.92.113.74"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842492/; classtype:trojan-activity;sid:82705592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/npu4jgfzf/"; depth:18; endswith; nocase; http.host; content:"7oroof.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842491/; classtype:trojan-activity;sid:82705591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.220.94"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842490/; classtype:trojan-activity;sid:82705590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.74.11.105"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842489/; classtype:trojan-activity;sid:82705589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.5.20.96"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842488/; classtype:trojan-activity;sid:82705588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.74.11.105"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842486/; classtype:trojan-activity;sid:82705586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.18.40"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842487/; classtype:trojan-activity;sid:82705587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.39.185"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842485/; classtype:trojan-activity;sid:82705585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.175.77"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842484/; classtype:trojan-activity;sid:82705584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/css/dotms_4/wimevagnmsep.dotm"; depth:37; endswith; nocase; http.host; content:"my.dexserver.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842483/; classtype:trojan-activity;sid:82705583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dephlogistication/r4ca9nznbfmn/"; depth:32; endswith; nocase; http.host; content:"meetmidnight.club"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842482/; classtype:trojan-activity;sid:82705582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.127.161"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842481/; classtype:trojan-activity;sid:82705581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gt/g.exe"; depth:9; endswith; nocase; http.host; content:"permagraf.com.mx"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842480/; classtype:trojan-activity;sid:82705580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.167.61.81"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842478/; classtype:trojan-activity;sid:82705578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.241.186.218"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842479/; classtype:trojan-activity;sid:82705579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.94.6"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842477/; classtype:trojan-activity;sid:82705577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.246.223.37"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842476/; classtype:trojan-activity;sid:82705576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/contacts/cjgyb/"; depth:16; endswith; nocase; http.host; content:"www.avtomatizator.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842475/; classtype:trojan-activity;sid:82705575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.175.105"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842474/; classtype:trojan-activity;sid:82705574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"218.161.125.224"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842473/; classtype:trojan-activity;sid:82705573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.17.172"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842472/; classtype:trojan-activity;sid:82705572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.147.210"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842471/; classtype:trojan-activity;sid:82705571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/mbqgnom/"; depth:20; endswith; nocase; http.host; content:"www.cursossemana.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842470/; classtype:trojan-activity;sid:82705570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.2.142"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842469/; classtype:trojan-activity;sid:82705569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e/jkkbgj/"; depth:10; endswith; nocase; http.host; content:"khbd.41319.top"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842468/; classtype:trojan-activity;sid:82705568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.237.155.143"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842467/; classtype:trojan-activity;sid:82705567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.188.143.245"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842466/; classtype:trojan-activity;sid:82705566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.97.191"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842464/; classtype:trojan-activity;sid:82705564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.230.208"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842465/; classtype:trojan-activity;sid:82705565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.189.76"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842463/; classtype:trojan-activity;sid:82705563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.25.54"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842462/; classtype:trojan-activity;sid:82705562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.249.74.246"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842461/; classtype:trojan-activity;sid:82705561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wordpress_temp/scc/"; depth:20; endswith; nocase; http.host; content:"bpd.trackbox.world"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842460/; classtype:trojan-activity;sid:82705560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.235.175.105"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842456/; classtype:trojan-activity;sid:82705556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.6.26.1"; depth:9; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842457/; classtype:trojan-activity;sid:82705557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.84.121"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842458/; classtype:trojan-activity;sid:82705558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.53.3.100"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842459/; classtype:trojan-activity;sid:82705559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.116.72"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842455/; classtype:trojan-activity;sid:82705555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"154.192.34.198"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842454/; classtype:trojan-activity;sid:82705554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.129.90.17"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842453/; classtype:trojan-activity;sid:82705553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.38.146.35"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842452/; classtype:trojan-activity;sid:82705552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.105.232"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842451/; classtype:trojan-activity;sid:82705551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.197.155"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842450/; classtype:trojan-activity;sid:82705550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.11.63.41"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842449/; classtype:trojan-activity;sid:82705549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.224.250.252"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842448/; classtype:trojan-activity;sid:82705548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.48.214.155"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842446/; classtype:trojan-activity;sid:82705546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.191.1"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842447/; classtype:trojan-activity;sid:82705547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.176.170"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842445/; classtype:trojan-activity;sid:82705545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vjn.exe"; depth:8; endswith; nocase; http.host; content:"appsmanager.alert.com.mt"; depth:24; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842442/; classtype:trojan-activity;sid:82705542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jpz6/l318oysijwlfgpof/"; depth:23; endswith; nocase; http.host; content:"flickerme.club"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842443/; classtype:trojan-activity;sid:82705543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.23.41"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842444/; classtype:trojan-activity;sid:82705544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"116.75.199.225"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842441/; classtype:trojan-activity;sid:82705541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.88.84.49"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842439/; classtype:trojan-activity;sid:82705539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.116.88.246"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842440/; classtype:trojan-activity;sid:82705540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.92.240.198"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842438/; classtype:trojan-activity;sid:82705538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.6.244.14"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842437/; classtype:trojan-activity;sid:82705537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.73.226"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842436/; classtype:trojan-activity;sid:82705536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajukfjhosgh/consoleapp4.jpg"; depth:28; endswith; nocase; http.host; content:"www.tractorandinas.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842435/; classtype:trojan-activity;sid:82705535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0386/e9fi4f1zcv/"; depth:17; endswith; nocase; http.host; content:"littlefranchise.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842434/; classtype:trojan-activity;sid:82705534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.253.8.113"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842433/; classtype:trojan-activity;sid:82705533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kmplwix/96/"; depth:12; endswith; nocase; http.host; content:"movieintheatre.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842432/; classtype:trojan-activity;sid:82705532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/tldu/"; depth:17; endswith; nocase; http.host; content:"wintercreate.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842431/; classtype:trojan-activity;sid:82705531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.251.190.147"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842430/; classtype:trojan-activity;sid:82705530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suntnulla/magniodit-7819314"; depth:28; endswith; nocase; http.host; content:"kalapahariauhs.edu.bd"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842429/; classtype:trojan-activity;sid:82705529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fugithic/adsed-7220377"; depth:23; endswith; nocase; http.host; content:"test.bookingsinn.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842428/; classtype:trojan-activity;sid:82705528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utadipisci/molestiaecumque-5323354"; depth:35; endswith; nocase; http.host; content:"joseys.in"; depth:9; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842427/; classtype:trojan-activity;sid:82705527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/velitvoluptas/perferendisin-7984935"; depth:36; endswith; nocase; http.host; content:"teslascans.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842424/; classtype:trojan-activity;sid:82705524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utquam/doloremautem-7819314"; depth:28; endswith; nocase; http.host; content:"techhordes.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842425/; classtype:trojan-activity;sid:82705525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/temporibusquod/beataetempore-8234508"; depth:37; endswith; nocase; http.host; content:"promomobilnissan.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842426/; classtype:trojan-activity;sid:82705526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voluptasvoluptates/utdolorem-5323354"; depth:37; endswith; nocase; http.host; content:"evolutioncolombia.com"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842420/; classtype:trojan-activity;sid:82705520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/consequaturmolestiae/undeet-7876073"; depth:36; endswith; nocase; http.host; content:"goldenrice.in"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842421/; classtype:trojan-activity;sid:82705521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quaeratblanditiis/eosneque-7847826"; depth:35; endswith; nocase; http.host; content:"kimura-shokai.co.jp"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842422/; classtype:trojan-activity;sid:82705522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eosdolorem/sequiet-7931793"; depth:27; endswith; nocase; http.host; content:"villalonavala.in"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842423/; classtype:trojan-activity;sid:82705523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/autnon/utsed-7847826"; depth:21; endswith; nocase; http.host; content:"orion.indodevmatech.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842415/; classtype:trojan-activity;sid:82705515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utquam/eosillum-7749905"; depth:24; endswith; nocase; http.host; content:"techhordes.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842416/; classtype:trojan-activity;sid:82705516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullaqui/inciduntaut-8027138"; depth:29; endswith; nocase; http.host; content:"fmm-tracking.appsdemo.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842417/; classtype:trojan-activity;sid:82705517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pariatursunt/idab-7874264"; depth:26; endswith; nocase; http.host; content:"fursa-api.indodevmatech.com"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842418/; classtype:trojan-activity;sid:82705518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/accusamusdolor/numquamquidem-7931793"; depth:37; endswith; nocase; http.host; content:"medeq.indodevmatech.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842419/; classtype:trojan-activity;sid:82705519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nisiat/voluptatemaut-7874264"; depth:29; endswith; nocase; http.host; content:"weeklyluxurywinners.co.uk"; depth:25; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842413/; classtype:trojan-activity;sid:82705513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quidemesse/aliashic-8002971"; depth:28; endswith; nocase; http.host; content:"melanindiscovery.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842414/; classtype:trojan-activity;sid:82705514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suntnulla/undeest-7876073"; depth:26; endswith; nocase; http.host; content:"kalapahariauhs.edu.bd"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842412/; classtype:trojan-activity;sid:82705512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/repellataut/omnisoptio-8002971"; depth:31; endswith; nocase; http.host; content:"desawisatacisaat.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842408/; classtype:trojan-activity;sid:82705508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sedquidem/aliaseos-7733089"; depth:27; endswith; nocase; http.host; content:"jaloux.ma"; depth:9; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842409/; classtype:trojan-activity;sid:82705509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/css/dotms_4/sfiukjmbghbbziamuosb.dotm"; depth:45; endswith; nocase; http.host; content:"my.dexserver.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842410/; classtype:trojan-activity;sid:82705510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sedquidem/autdolores-8027138"; depth:29; endswith; nocase; http.host; content:"jaloux.ma"; depth:9; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842411/; classtype:trojan-activity;sid:82705511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sedunde/omnisprovident-7733089"; depth:31; endswith; nocase; http.host; content:"scoldfriday.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842406/; classtype:trojan-activity;sid:82705506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chief.exe"; depth:10; endswith; nocase; http.host; content:"appsmanager.alert.com.mt"; depth:24; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842407/; classtype:trojan-activity;sid:82705507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ducimusperspiciatis/etquo-7220377"; depth:34; endswith; nocase; http.host; content:"phpmyadmin.haringhatamahavidyalaya.org"; depth:38; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842405/; classtype:trojan-activity;sid:82705505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mollitiaet/sedqui-8152669"; depth:26; endswith; nocase; http.host; content:"liviabordea.ro"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842404/; classtype:trojan-activity;sid:82705504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/consequunturaut/aperiamet-7412012"; depth:34; endswith; nocase; http.host; content:"mtfeducation.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842403/; classtype:trojan-activity;sid:82705503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/animiiste/involuptatem-7360740"; depth:31; endswith; nocase; http.host; content:"datenex.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842400/; classtype:trojan-activity;sid:82705500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/consequunturaut/quibusdameos-7360736"; depth:37; endswith; nocase; http.host; content:"mtfeducation.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842401/; classtype:trojan-activity;sid:82705501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eiusdolorum/repellendusmaxime-7360736"; depth:38; endswith; nocase; http.host; content:"indiabiddinghr.in"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842402/; classtype:trojan-activity;sid:82705502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/consequunturaut/quibusdameos-7360736"; depth:37; endswith; nocase; http.host; content:"mtfeducation.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842397/; classtype:trojan-activity;sid:82705497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/temporibusquod/errortenetur-8224262"; depth:36; endswith; nocase; http.host; content:"promomobilnissan.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842398/; classtype:trojan-activity;sid:82705498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eiusdolorum/repellendusmaxime-7360736"; depth:38; endswith; nocase; http.host; content:"indiabiddinghr.in"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842399/; classtype:trojan-activity;sid:82705499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eiusdolorum/liberosed-7360740"; depth:30; endswith; nocase; http.host; content:"indiabiddinghr.in"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842390/; classtype:trojan-activity;sid:82705490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/consequunturaut/aperiamet-7412012"; depth:34; endswith; nocase; http.host; content:"mtfeducation.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842391/; classtype:trojan-activity;sid:82705491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hicquas/autmodi-4762086"; depth:24; endswith; nocase; http.host; content:"becnelrt.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842392/; classtype:trojan-activity;sid:82705492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/consequaturmolestiae/autemodio-7749905"; depth:39; endswith; nocase; http.host; content:"goldenrice.in"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842393/; classtype:trojan-activity;sid:82705493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/animiiste/inventoreenim-7379858"; depth:32; endswith; nocase; http.host; content:"datenex.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842394/; classtype:trojan-activity;sid:82705494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/animiiste/voluptatibussunt-7360738"; depth:35; endswith; nocase; http.host; content:"datenex.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842395/; classtype:trojan-activity;sid:82705495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iustoomnis/etratione-7400038"; depth:29; endswith; nocase; http.host; content:"inchbay.ng"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842396/; classtype:trojan-activity;sid:82705496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quiamolestiae/hazy-3890262238.zip"; depth:34; endswith; nocase; http.host; content:"wanaka-portal.uat.lk"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842387/; classtype:trojan-activity;sid:82705487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.95.3"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842388/; classtype:trojan-activity;sid:82705488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eiusdolorum/sintplaceat-7400038"; depth:32; endswith; nocase; http.host; content:"indiabiddinghr.in"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842389/; classtype:trojan-activity;sid:82705489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/consecteturmollitia/eoset-8224262"; depth:34; endswith; nocase; http.host; content:"grampalikadabhadi.in"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842386/; classtype:trojan-activity;sid:82705486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|47094749913686493"; depth:22; endswith; nocase; http.host; content:"yw5sxk3aww.clias.info"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842384/; classtype:trojan-activity;sid:82705484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/namvoluptas/nisiut-7829880"; depth:27; endswith; nocase; http.host; content:"poltekanika.ac.id"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842385/; classtype:trojan-activity;sid:82705485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/autnon/exest-7757958"; depth:21; endswith; nocase; http.host; content:"orion.indodevmatech.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842375/; classtype:trojan-activity;sid:82705475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/laborumreprehenderit/hazy-3890262238.zip"; depth:41; endswith; nocase; http.host; content:"leale.ch"; depth:8; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842376/; classtype:trojan-activity;sid:82705476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|75450948521676795"; depth:22; endswith; nocase; http.host; content:"0fht4ppua7f.ulxius.trade"; depth:24; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842377/; classtype:trojan-activity;sid:82705477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|48462174871677871"; depth:22; endswith; nocase; http.host; content:"0fht4ppua7f.ulxius.trade"; depth:24; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842378/; classtype:trojan-activity;sid:82705478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|47094749913686493"; depth:22; endswith; nocase; http.host; content:"0fht4ppua7f.ulxius.trade"; depth:24; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842379/; classtype:trojan-activity;sid:82705479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|38149636726636942"; depth:22; endswith; nocase; http.host; content:"0fht4ppua7f.ulxius.trade"; depth:24; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842380/; classtype:trojan-activity;sid:82705480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|75450948521676795"; depth:22; endswith; nocase; http.host; content:"yw5sxk3aww.clias.info"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842381/; classtype:trojan-activity;sid:82705481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|38149636726636942"; depth:22; endswith; nocase; http.host; content:"yw5sxk3aww.clias.info"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842382/; classtype:trojan-activity;sid:82705482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|48462174871677871"; depth:22; endswith; nocase; http.host; content:"yw5sxk3aww.clias.info"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842383/; classtype:trojan-activity;sid:82705483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iustoomnis/oditvero-7379858"; depth:28; endswith; nocase; http.host; content:"inchbay.ng"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842369/; classtype:trojan-activity;sid:82705469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/estnemo/undenon-7360738"; depth:24; endswith; nocase; http.host; content:"mgmiroslaw.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842370/; classtype:trojan-activity;sid:82705470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suntnulla/reiciendiset-7829880"; depth:31; endswith; nocase; http.host; content:"kalapahariauhs.edu.bd"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842371/; classtype:trojan-activity;sid:82705471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/peimyxubjjo/"; depth:22; endswith; nocase; http.host; content:"datumtechnology.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842372/; classtype:trojan-activity;sid:82705472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corruptiautem/suntreiciendis-8152669"; depth:37; endswith; nocase; http.host; content:"rithikengineering.com"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842373/; classtype:trojan-activity;sid:82705473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iustoomnis/estasperiores-7412012"; depth:33; endswith; nocase; http.host; content:"inchbay.ng"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842374/; classtype:trojan-activity;sid:82705474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quaeratblanditiis/nihiloccaecati-7757958"; depth:41; endswith; nocase; http.host; content:"kimura-shokai.co.jp"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842367/; classtype:trojan-activity;sid:82705467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iustoomnis/estasperiores-7412012"; depth:33; endswith; nocase; http.host; content:"inchbay.ng"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842368/; classtype:trojan-activity;sid:82705468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.216.111.205"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842366/; classtype:trojan-activity;sid:82705466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/s!akkm_2ylaszpgqlzlloxkgv6jn-q|3f|e=0txh8g"; depth:45; endswith; nocase; http.host; content:"1drv.ms"; depth:7; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842363/; classtype:trojan-activity;sid:82705463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/s!ardq9z8hajuud0lutfcoqv-jbnm|3f|e=ei45un"; depth:44; endswith; nocase; http.host; content:"1drv.ms"; depth:7; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842364/; classtype:trojan-activity;sid:82705464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/s!ao3thxt7b-zybcbvosi-zlydpwg|3f|e=rymou2"; depth:44; endswith; nocase; http.host; content:"1drv.ms"; depth:7; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842365/; classtype:trojan-activity;sid:82705465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.158.129"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842362/; classtype:trojan-activity;sid:82705462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.253.9.68"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842359/; classtype:trojan-activity;sid:82705459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/s!ameg1hfqfpo3azunbu3q5cwdwnm|3f|e=saxmoq"; depth:44; endswith; nocase; http.host; content:"1drv.ms"; depth:7; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842360/; classtype:trojan-activity;sid:82705460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/s!akkm_2ylaszpd0gskxqysnwhplw|3f|e=krgk5q"; depth:44; endswith; nocase; http.host; content:"1drv.ms"; depth:7; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842361/; classtype:trojan-activity;sid:82705461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.70.23.191"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842358/; classtype:trojan-activity;sid:82705458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/s!ardq9z8hajuuc9xxyxugv1sequq|3f|e=4hb4az"; depth:44; endswith; nocase; http.host; content:"1drv.ms"; depth:7; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842355/; classtype:trojan-activity;sid:82705455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/s!akz9th8f935vbnwoxwfuqrzuzpe|3f|e=0a4wqr"; depth:44; endswith; nocase; http.host; content:"1drv.ms"; depth:7; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842356/; classtype:trojan-activity;sid:82705456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/s!ahxuokqqsu3zgqj6pyeuq_u--iii|3f|e=xcch94"; depth:45; endswith; nocase; http.host; content:"1drv.ms"; depth:7; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842357/; classtype:trojan-activity;sid:82705457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/s!ao3thxt7b-zyasmibcsm1rh6zms|3f|e=zfil8k"; depth:44; endswith; nocase; http.host; content:"1drv.ms"; depth:7; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842354/; classtype:trojan-activity;sid:82705454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.143.32.41"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842351/; classtype:trojan-activity;sid:82705451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.54.63.226"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842352/; classtype:trojan-activity;sid:82705452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.75.176"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842353/; classtype:trojan-activity;sid:82705453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.200.139"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842350/; classtype:trojan-activity;sid:82705450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911253697013628941/915540169216626698/rwtapawhoreniggagay.bin"; depth:74; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842349/; classtype:trojan-activity;sid:82705449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911251129176850447/915533504324980736/zmwilswhoreniggagay.bin"; depth:74; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842347/; classtype:trojan-activity;sid:82705447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911253697013628941/915540255417958450/juswpqgyhnlwhoreniggagay.bin"; depth:79; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842348/; classtype:trojan-activity;sid:82705448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.212.226.173"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842346/; classtype:trojan-activity;sid:82705446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/83znniggerscr2uhrcocksucker23wwvty"; depth:35; endswith; nocase; http.host; content:"178.254.8.241"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842345/; classtype:trojan-activity;sid:82705445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/6m93a2o/"; depth:11; endswith; nocase; http.host; content:"ictf.online"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842344/; classtype:trojan-activity;sid:82705444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.204.222.117"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842342/; classtype:trojan-activity;sid:82705442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.53.73.20"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842343/; classtype:trojan-activity;sid:82705443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.68.58"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842339/; classtype:trojan-activity;sid:82705439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.92.240"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842340/; classtype:trojan-activity;sid:82705440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.199.15"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842341/; classtype:trojan-activity;sid:82705441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.169.212"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842338/; classtype:trojan-activity;sid:82705438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.93.225.251"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842336/; classtype:trojan-activity;sid:82705436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.42.235.178"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842337/; classtype:trojan-activity;sid:82705437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.109.189"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842335/; classtype:trojan-activity;sid:82705435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.70.248.152"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842334/; classtype:trojan-activity;sid:82705434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.0.31"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842333/; classtype:trojan-activity;sid:82705433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/dov0/"; depth:14; endswith; nocase; http.host; content:"libertysteelproducts.com"; depth:24; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842332/; classtype:trojan-activity;sid:82705432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.175.228"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842331/; classtype:trojan-activity;sid:82705431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.196.209"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842330/; classtype:trojan-activity;sid:82705430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.118.85.71"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842328/; classtype:trojan-activity;sid:82705428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.196.154"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842329/; classtype:trojan-activity;sid:82705429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/2gp/"; depth:17; endswith; nocase; http.host; content:"rrpjewellers.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842327/; classtype:trojan-activity;sid:82705427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.14.115"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842326/; classtype:trojan-activity;sid:82705426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deliverer/f9fid8dep/"; depth:21; endswith; nocase; http.host; content:"intercup.eu"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842325/; classtype:trojan-activity;sid:82705425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"206.125.151.234"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842324/; classtype:trojan-activity;sid:82705424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images_old/2vk/"; depth:16; endswith; nocase; http.host; content:"dukaree.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842323/; classtype:trojan-activity;sid:82705423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.47.115.252"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842322/; classtype:trojan-activity;sid:82705422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.183.199"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842321/; classtype:trojan-activity;sid:82705421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.136.58"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842320/; classtype:trojan-activity;sid:82705420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.38.142.74"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842318/; classtype:trojan-activity;sid:82705418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.65.138"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842319/; classtype:trojan-activity;sid:82705419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.40.85.64"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842315/; classtype:trojan-activity;sid:82705415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.112.4"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842316/; classtype:trojan-activity;sid:82705416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.211.183"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842317/; classtype:trojan-activity;sid:82705417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.192.117"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842314/; classtype:trojan-activity;sid:82705414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.234.168.203"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842313/; classtype:trojan-activity;sid:82705413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.201.39"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842312/; classtype:trojan-activity;sid:82705412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.186.73.41"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842311/; classtype:trojan-activity;sid:82705411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.252.187"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842310/; classtype:trojan-activity;sid:82705410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.42.251.112"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842307/; classtype:trojan-activity;sid:82705407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.222.52"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842308/; classtype:trojan-activity;sid:82705408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.160.76"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842309/; classtype:trojan-activity;sid:82705409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.123.128.134"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842306/; classtype:trojan-activity;sid:82705406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/szkjrsde/"; depth:17; endswith; nocase; http.host; content:"old.liceum9.ru"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842305/; classtype:trojan-activity;sid:82705405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.186.73.41"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842304/; classtype:trojan-activity;sid:82705404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.151.182.38"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842303/; classtype:trojan-activity;sid:82705403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.235.191.167"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842302/; classtype:trojan-activity;sid:82705402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/js/mediaelement/psoroptic/vnl1h8fsxifkvkd/"; depth:55; endswith; nocase; http.host; content:"pro-terminal.hu"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842301/; classtype:trojan-activity;sid:82705401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/nbtadl/"; depth:15; endswith; nocase; http.host; content:"wta.cz"; depth:6; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842300/; classtype:trojan-activity;sid:82705400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/g7v2hwd/"; depth:20; endswith; nocase; http.host; content:"www.snkre.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842299/; classtype:trojan-activity;sid:82705399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.48.162"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842298/; classtype:trojan-activity;sid:82705398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.69.69"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842296/; classtype:trojan-activity;sid:82705396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.219.79.91"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842297/; classtype:trojan-activity;sid:82705397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.58.115.158"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842294/; classtype:trojan-activity;sid:82705394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stbpd/o/"; depth:9; endswith; nocase; http.host; content:"shashlikexpres.ru"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842295/; classtype:trojan-activity;sid:82705395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.165.227"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842293/; classtype:trojan-activity;sid:82705393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.118.85.71"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842291/; classtype:trojan-activity;sid:82705391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.96.24.112"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842292/; classtype:trojan-activity;sid:82705392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.77.162.9"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842290/; classtype:trojan-activity;sid:82705390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.248.192.107"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842289/; classtype:trojan-activity;sid:82705389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.175.154"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842287/; classtype:trojan-activity;sid:82705387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.75.136.92"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842288/; classtype:trojan-activity;sid:82705388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.218.167"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842285/; classtype:trojan-activity;sid:82705385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.75.198.172"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842286/; classtype:trojan-activity;sid:82705386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.75.199.122"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842284/; classtype:trojan-activity;sid:82705384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.99.184.187"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842283/; classtype:trojan-activity;sid:82705383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"197.86.215.224"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842282/; classtype:trojan-activity;sid:82705382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"172.36.82.30"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842281/; classtype:trojan-activity;sid:82705381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.158.151.228"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842280/; classtype:trojan-activity;sid:82705380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.196.209"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842279/; classtype:trojan-activity;sid:82705379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.45.193"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842278/; classtype:trojan-activity;sid:82705378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.95.3"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842277/; classtype:trojan-activity;sid:82705377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bf/1jc1tvgjevob2d1rjs/"; depth:23; endswith; nocase; http.host; content:"stage.jiosdev.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842276/; classtype:trojan-activity;sid:82705376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/misincensed/ag/"; depth:16; endswith; nocase; http.host; content:"transportationpro.world"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842275/; classtype:trojan-activity;sid:82705375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911246617275957290/915526461379727370/gyrxsmxktvwswhoreniggagay.bin"; depth:80; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842271/; classtype:trojan-activity;sid:82705371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911246617275957290/915526468073848872/xtpcaezvwmhqwhoreniggagay.bin"; depth:80; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842272/; classtype:trojan-activity;sid:82705372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911246617275957290/915526473467719720/ksxtuxmxozvgudvwhoreniggagay.bin"; depth:83; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842273/; classtype:trojan-activity;sid:82705373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.186.73.41"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842274/; classtype:trojan-activity;sid:82705374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6tfcnfucknugget4gpenis3dade5z6cpc"; depth:34; endswith; nocase; http.host; content:"149.129.254.152"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842270/; classtype:trojan-activity;sid:82705370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.0.31"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842269/; classtype:trojan-activity;sid:82705369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.223.2"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842268/; classtype:trojan-activity;sid:82705368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"179.129.208.161"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842267/; classtype:trojan-activity;sid:82705367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/ie/"; depth:13; endswith; nocase; http.host; content:"significancestudio.club"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842266/; classtype:trojan-activity;sid:82705366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.54.109.245"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842265/; classtype:trojan-activity;sid:82705365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"206.125.151.234"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842264/; classtype:trojan-activity;sid:82705364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911246617275957290/915526808970084353/rbrkcqqjdpuwhoreniggagay.bin"; depth:79; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842263/; classtype:trojan-activity;sid:82705363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911246617275957290/915526802779291658/dfuoutxfqrxawhoreniggagay.bin"; depth:80; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842261/; classtype:trojan-activity;sid:82705361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/911246617275957290/915526814867263538/rqgagrvhnwhoreniggagay.bin"; depth:77; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842262/; classtype:trojan-activity;sid:82705362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.231.232.125"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842260/; classtype:trojan-activity;sid:82705360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.124.97"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842259/; classtype:trojan-activity;sid:82705359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.112.172"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842258/; classtype:trojan-activity;sid:82705358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.210.176"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842256/; classtype:trojan-activity;sid:82705356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.72.72"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842257/; classtype:trojan-activity;sid:82705357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.130.124"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842255/; classtype:trojan-activity;sid:82705355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.83.198"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842252/; classtype:trojan-activity;sid:82705352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.115.212"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842253/; classtype:trojan-activity;sid:82705353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.220.8"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842254/; classtype:trojan-activity;sid:82705354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.89.59"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842251/; classtype:trojan-activity;sid:82705351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3339/svpsava7aa9l/"; depth:19; endswith; nocase; http.host; content:"partycommittee.club"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842250/; classtype:trojan-activity;sid:82705350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.166.184"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842249/; classtype:trojan-activity;sid:82705349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.155.129"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842248/; classtype:trojan-activity;sid:82705348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.235.144"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842247/; classtype:trojan-activity;sid:82705347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.81.72.29"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842246/; classtype:trojan-activity;sid:82705346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.239.156.94"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842245/; classtype:trojan-activity;sid:82705345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.87.188"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842244/; classtype:trojan-activity;sid:82705344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.193.65"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842243/; classtype:trojan-activity;sid:82705343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.207.61.224"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842242/; classtype:trojan-activity;sid:82705342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.113.88"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842240/; classtype:trojan-activity;sid:82705340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.81.81.103"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842241/; classtype:trojan-activity;sid:82705341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.104.238.6"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842239/; classtype:trojan-activity;sid:82705339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6/1uaufe/"; depth:10; endswith; nocase; http.host; content:"thingapp.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842238/; classtype:trojan-activity;sid:82705338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j7jvz/hkt/"; depth:11; endswith; nocase; http.host; content:"significancetoday.world"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842237/; classtype:trojan-activity;sid:82705337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bestzx.exe"; depth:11; endswith; nocase; http.host; content:"fruityx.tk"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842236/; classtype:trojan-activity;sid:82705336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.197.0"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842235/; classtype:trojan-activity;sid:82705335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/holler/rollerkind.exe"; depth:22; endswith; nocase; http.host; content:"neofunkyjunky.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842234/; classtype:trojan-activity;sid:82705334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/holler/rollerkind2.exe"; depth:23; endswith; nocase; http.host; content:"neofunkyjunky.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842233/; classtype:trojan-activity;sid:82705333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.47.224"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842232/; classtype:trojan-activity;sid:82705332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tcwdk/rg3k2bpt5p3soqyi/"; depth:24; endswith; nocase; http.host; content:"meetappearance.club"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842231/; classtype:trojan-activity;sid:82705331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.158.217"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842230/; classtype:trojan-activity;sid:82705330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.198.193"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842229/; classtype:trojan-activity;sid:82705329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"62.16.49.8"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842228/; classtype:trojan-activity;sid:82705328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.251.105"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842227/; classtype:trojan-activity;sid:82705327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.252.181.161"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842225/; classtype:trojan-activity;sid:82705325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.108.14"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842226/; classtype:trojan-activity;sid:82705326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/x/"; depth:12; endswith; nocase; http.host; content:"meetsatisfaction.club"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842223/; classtype:trojan-activity;sid:82705323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.249.90.192"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842224/; classtype:trojan-activity;sid:82705324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.243.208.223"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842222/; classtype:trojan-activity;sid:82705322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.87.22"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842221/; classtype:trojan-activity;sid:82705321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.231.213.218"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842220/; classtype:trojan-activity;sid:82705320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.125.28.24"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842219/; classtype:trojan-activity;sid:82705319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"189.85.35.45"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842218/; classtype:trojan-activity;sid:82705318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.218.34"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842217/; classtype:trojan-activity;sid:82705317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.195.93"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842216/; classtype:trojan-activity;sid:82705316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.97.166"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842215/; classtype:trojan-activity;sid:82705315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.62.174.99"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842214/; classtype:trojan-activity;sid:82705314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.98.44.133"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842213/; classtype:trojan-activity;sid:82705313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.110.93"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842211/; classtype:trojan-activity;sid:82705311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.89.117"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842212/; classtype:trojan-activity;sid:82705312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/vaeeocrlulvaoaamrs/"; depth:22; endswith; nocase; http.host; content:"grocerytogo.xyz"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842209/; classtype:trojan-activity;sid:82705309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.212.72"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842210/; classtype:trojan-activity;sid:82705310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.243.114"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842207/; classtype:trojan-activity;sid:82705307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.229.51"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842208/; classtype:trojan-activity;sid:82705308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.188.144"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842206/; classtype:trojan-activity;sid:82705306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.238.120.45"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842205/; classtype:trojan-activity;sid:82705305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.61.154.107"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842204/; classtype:trojan-activity;sid:82705304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.237.155.143"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842203/; classtype:trojan-activity;sid:82705303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/urluch/erw4smmolrmtkojlf/"; depth:26; endswith; nocase; http.host; content:"satisfactionapp.club"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842202/; classtype:trojan-activity;sid:82705302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.103.65.202"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842201/; classtype:trojan-activity;sid:82705301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.59.39.186"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842200/; classtype:trojan-activity;sid:82705300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.231.189.85"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842199/; classtype:trojan-activity;sid:82705299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kugh7ig/rnpzu4rl4svjx7/"; depth:24; endswith; nocase; http.host; content:"dekasitkimya.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842198/; classtype:trojan-activity;sid:82705298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/llf411/tcllzhgmjrhfwbm9/"; depth:25; endswith; nocase; http.host; content:"growthdevelopment.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842197/; classtype:trojan-activity;sid:82705297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.47.115"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842196/; classtype:trojan-activity;sid:82705296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/madreperl/ihi0lirr42rqls8x/"; depth:28; endswith; nocase; http.host; content:"globaldevelopment.world"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842195/; classtype:trojan-activity;sid:82705295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.44.69.26"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842194/; classtype:trojan-activity;sid:82705294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.41.223"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842193/; classtype:trojan-activity;sid:82705293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.100.70"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842192/; classtype:trojan-activity;sid:82705292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.106.151"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842190/; classtype:trojan-activity;sid:82705290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.19.31"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842191/; classtype:trojan-activity;sid:82705291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.75.152.232"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842188/; classtype:trojan-activity;sid:82705288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.6.242.223"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842189/; classtype:trojan-activity;sid:82705289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.224.57.193"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842187/; classtype:trojan-activity;sid:82705287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.213.150.190"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842186/; classtype:trojan-activity;sid:82705286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"219.157.64.237"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842185/; classtype:trojan-activity;sid:82705285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.247.43.35"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842183/; classtype:trojan-activity;sid:82705283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.124.120.203"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842184/; classtype:trojan-activity;sid:82705284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.121.5.22"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842182/; classtype:trojan-activity;sid:82705282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.142.103.136"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842181/; classtype:trojan-activity;sid:82705281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.166.171"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842180/; classtype:trojan-activity;sid:82705280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biometrical/h3hfi/"; depth:19; endswith; nocase; http.host; content:"committeestar.world"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842179/; classtype:trojan-activity;sid:82705279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.140.97.193"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842178/; classtype:trojan-activity;sid:82705278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"179.165.99.73"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842177/; classtype:trojan-activity;sid:82705277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.235.225"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842176/; classtype:trojan-activity;sid:82705276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.82.187.102"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842175/; classtype:trojan-activity;sid:82705275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.193.65"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842174/; classtype:trojan-activity;sid:82705274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4717/i/"; depth:8; endswith; nocase; http.host; content:"developmentconsulting.world"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842173/; classtype:trojan-activity;sid:82705273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/th1rim6/"; depth:18; endswith; nocase; http.host; content:"bedroomhome.xyz"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842172/; classtype:trojan-activity;sid:82705272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.132.18"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842171/; classtype:trojan-activity;sid:82705271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/x7dvu7q/"; depth:18; endswith; nocase; http.host; content:"knopsguide.xyz"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842170/; classtype:trojan-activity;sid:82705270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.232.63.60"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842169/; classtype:trojan-activity;sid:82705269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s69zi1/vkbhhgzipb/"; depth:19; endswith; nocase; http.host; content:"firstpanther.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842168/; classtype:trojan-activity;sid:82705268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.106.120.1"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842167/; classtype:trojan-activity;sid:82705267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.47.224"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842166/; classtype:trojan-activity;sid:82705266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"79.176.71.88"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842165/; classtype:trojan-activity;sid:82705265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.243.47.51"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842164/; classtype:trojan-activity;sid:82705264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.149.37"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842163/; classtype:trojan-activity;sid:82705263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.153.167"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842162/; classtype:trojan-activity;sid:82705262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.46.180"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842161/; classtype:trojan-activity;sid:82705261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.130.31.70"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842160/; classtype:trojan-activity;sid:82705260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.125.5"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842158/; classtype:trojan-activity;sid:82705258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.101.161"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842159/; classtype:trojan-activity;sid:82705259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.211.139"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842157/; classtype:trojan-activity;sid:82705257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.150.114.206"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842156/; classtype:trojan-activity;sid:82705256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.100.251"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842154/; classtype:trojan-activity;sid:82705254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.54.0"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842155/; classtype:trojan-activity;sid:82705255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.204.83.72"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842153/; classtype:trojan-activity;sid:82705253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.183.234"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842152/; classtype:trojan-activity;sid:82705252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/804813341068.dat2"; depth:18; endswith; nocase; http.host; content:"146.19.170.39"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842148/; classtype:trojan-activity;sid:82705248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/804813341068.dat"; depth:17; endswith; nocase; http.host; content:"146.19.170.39"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842149/; classtype:trojan-activity;sid:82705249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.244.162"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842150/; classtype:trojan-activity;sid:82705250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.86.5.111"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842151/; classtype:trojan-activity;sid:82705251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/804813341068.dat2"; depth:18; endswith; nocase; http.host; content:"94.140.114.63"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842144/; classtype:trojan-activity;sid:82705244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/804813341068.dat"; depth:17; endswith; nocase; http.host; content:"94.140.114.63"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842145/; classtype:trojan-activity;sid:82705245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/804813341068.dat2"; depth:18; endswith; nocase; http.host; content:"185.106.123.73"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842146/; classtype:trojan-activity;sid:82705246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/804813341068.dat"; depth:17; endswith; nocase; http.host; content:"185.106.123.73"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842147/; classtype:trojan-activity;sid:82705247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.229.54.143"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842143/; classtype:trojan-activity;sid:82705243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.122.33"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842142/; classtype:trojan-activity;sid:82705242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zaf9ihi/qh1zqwfb/"; depth:18; endswith; nocase; http.host; content:"leadershipskills.world"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842141/; classtype:trojan-activity;sid:82705241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.87.207"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842139/; classtype:trojan-activity;sid:82705239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.37.133"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842140/; classtype:trojan-activity;sid:82705240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.7.115"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842136/; classtype:trojan-activity;sid:82705236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.248.93"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842137/; classtype:trojan-activity;sid:82705237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.237.15.183"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842138/; classtype:trojan-activity;sid:82705238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.212.152.154"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842133/; classtype:trojan-activity;sid:82705233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.56.237"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842134/; classtype:trojan-activity;sid:82705234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.75.212.154"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842135/; classtype:trojan-activity;sid:82705235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.105.168"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842132/; classtype:trojan-activity;sid:82705232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.63.186"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842131/; classtype:trojan-activity;sid:82705231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.197.71.235"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842130/; classtype:trojan-activity;sid:82705230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.99.78.171"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842129/; classtype:trojan-activity;sid:82705229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/oq3nzoqpu11x9rq/"; depth:26; endswith; nocase; http.host; content:"careeroccupant.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842128/; classtype:trojan-activity;sid:82705228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quodexpedita/servandusneturas-745541"; depth:37; endswith; nocase; http.host; content:"alumnos.uiwbajio.mx"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842127/; classtype:trojan-activity;sid:82705227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.47.115"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842125/; classtype:trojan-activity;sid:82705225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quiaquod/veterrimistransfer-251377"; depth:35; endswith; nocase; http.host; content:"alqalaa-scs.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842126/; classtype:trojan-activity;sid:82705226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.92.122"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842123/; classtype:trojan-activity;sid:82705223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/2a2zld7qjyf/"; depth:22; endswith; nocase; http.host; content:"bedroomnow.xyz"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842124/; classtype:trojan-activity;sid:82705224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.132.18"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842122/; classtype:trojan-activity;sid:82705222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/estcorporis/carusluseram-690457"; depth:32; endswith; nocase; http.host; content:"m.metrocardz.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842121/; classtype:trojan-activity;sid:82705221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/providentest/agroofferendae-837309"; depth:35; endswith; nocase; http.host; content:"llmtv.llmchurch.org"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842120/; classtype:trojan-activity;sid:82705220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.87.203.16"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842119/; classtype:trojan-activity;sid:82705219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/repudiandaemaxime/oribusdivarum-596596"; depth:39; endswith; nocase; http.host; content:"themail.com.pk"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842118/; classtype:trojan-activity;sid:82705218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9301/gunsmo/"; depth:13; endswith; nocase; http.host; content:"housereviews.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842117/; classtype:trojan-activity;sid:82705217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"92.101.220.97"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842116/; classtype:trojan-activity;sid:82705216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.74.125.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842115/; classtype:trojan-activity;sid:82705215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.163.140.145"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842114/; classtype:trojan-activity;sid:82705214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pzwstx/0dm/"; depth:12; endswith; nocase; http.host; content:"bedroomboutique.world"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842113/; classtype:trojan-activity;sid:82705213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.144.244"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842112/; classtype:trojan-activity;sid:82705212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.135.111"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842111/; classtype:trojan-activity;sid:82705211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.89.34"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842110/; classtype:trojan-activity;sid:82705210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.64.225"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842109/; classtype:trojan-activity;sid:82705209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.57.97.112"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842108/; classtype:trojan-activity;sid:82705208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.121.173"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842106/; classtype:trojan-activity;sid:82705206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.150.94.87"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842107/; classtype:trojan-activity;sid:82705207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.72.131"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842105/; classtype:trojan-activity;sid:82705205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.118.56"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842104/; classtype:trojan-activity;sid:82705204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.157.90.190"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842103/; classtype:trojan-activity;sid:82705203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.37.153"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842102/; classtype:trojan-activity;sid:82705202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"122.6.254.48"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842101/; classtype:trojan-activity;sid:82705201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.228.54.204"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842100/; classtype:trojan-activity;sid:82705200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/belovedpets/5iw/"; depth:17; endswith; nocase; http.host; content:"comistery.club"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842099/; classtype:trojan-activity;sid:82705199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.106.156.75"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842098/; classtype:trojan-activity;sid:82705198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.38.123.158"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842097/; classtype:trojan-activity;sid:82705197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"82.151.125.194"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842096/; classtype:trojan-activity;sid:82705196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/etveniam/obtulerassuperfuerint-756250"; depth:38; endswith; nocase; http.host; content:"profesores.uiwbajio.mx"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842095/; classtype:trojan-activity;sid:82705195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quisquamnam/inducletato-887336"; depth:31; endswith; nocase; http.host; content:"new.llmchurch.org"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842094/; classtype:trojan-activity;sid:82705194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aliquidqui/appetendifortissimo-924155"; depth:38; endswith; nocase; http.host; content:"mobilikit.com.br"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842093/; classtype:trojan-activity;sid:82705193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/recusandaeunde/claudiusaddentis-562621"; depth:39; endswith; nocase; http.host; content:"itccf.org"; depth:9; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842092/; classtype:trojan-activity;sid:82705192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/wz9yqe/"; depth:17; endswith; nocase; http.host; content:"allgrowth.world"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842091/; classtype:trojan-activity;sid:82705191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.40.23"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842090/; classtype:trojan-activity;sid:82705190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/numquammolestias/plorationemviatricis-434492"; depth:45; endswith; nocase; http.host; content:"bhole.msquaretec.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842089/; classtype:trojan-activity;sid:82705189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.210.12"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842088/; classtype:trojan-activity;sid:82705188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/crgxfbr4m45ila/"; depth:25; endswith; nocase; http.host; content:"mersinoptimasigorta.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842087/; classtype:trojan-activity;sid:82705187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.211.100"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842086/; classtype:trojan-activity;sid:82705186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.109.52"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842085/; classtype:trojan-activity;sid:82705185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/eydi8tsz7cem/"; depth:22; endswith; nocase; http.host; content:"e-awsom.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842084/; classtype:trojan-activity;sid:82705184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.46.180"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842083/; classtype:trojan-activity;sid:82705183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.44.224"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842082/; classtype:trojan-activity;sid:82705182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.231.210.249"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842081/; classtype:trojan-activity;sid:82705181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.76.216"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842080/; classtype:trojan-activity;sid:82705180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/oy5reh2/"; depth:18; endswith; nocase; http.host; content:"web-marketer.online"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842079/; classtype:trojan-activity;sid:82705179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dignissimosmolestiae/orationiscurandum-728237"; depth:46; endswith; nocase; http.host; content:"vitaenterprises.in"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842077/; classtype:trojan-activity;sid:82705177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.249.94"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842078/; classtype:trojan-activity;sid:82705178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.40.79.137"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842076/; classtype:trojan-activity;sid:82705176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.229.145.237"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842075/; classtype:trojan-activity;sid:82705175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/occaecatiexpedita/disturbaturumopposuissetis-529918"; depth:52; endswith; nocase; http.host; content:"dbind.in"; depth:8; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842074/; classtype:trojan-activity;sid:82705174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/velitomnis/viantiainstruxeras-245498"; depth:37; endswith; nocase; http.host; content:"demo.bluelights.in"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842073/; classtype:trojan-activity;sid:82705173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"188.169.174.166"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842072/; classtype:trojan-activity;sid:82705172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|cid=2b78758ee6794d3c|7c|26|7c|resid=2b78758ee6794d3c%21106|7c|26|7c|authkey=anvpnt4tf8mmxii|7c|26|7c|em=2"; depth:118; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842071/; classtype:trojan-activity;sid:82705171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|cid=5d14c6579f1ec01d|7c|26|7c|resid=5d14c6579f1ec01d%21107|7c|26|7c|authkey=alrhqpseegr2bqy|7c|26|7c|em=2"; depth:118; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842070/; classtype:trojan-activity;sid:82705170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.63.186"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842068/; classtype:trojan-activity;sid:82705168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/veritatiset/fororumdilatareris-996943"; depth:38; endswith; nocase; http.host; content:"ubuntu-inc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842069/; classtype:trojan-activity;sid:82705169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errorquam/aeribusdisturbaverunt-583915"; depth:39; endswith; nocase; http.host; content:"tradingview.mersinkarahaber.com"; depth:31; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842067/; classtype:trojan-activity;sid:82705167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|cid=40413007160392d6|7c|26|7c|resid=40413007160392d6%21112|7c|26|7c|authkey=abodcnz-ypaafam|7c|26|7c|em=2"; depth:118; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842063/; classtype:trojan-activity;sid:82705163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|cid=93cbabb84eb763d1|7c|26|7c|resid=93cbabb84eb763d1%21113|7c|26|7c|authkey=ak8abkj0mqfcc0i|7c|26|7c|em=2"; depth:118; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842064/; classtype:trojan-activity;sid:82705164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|cid=9c41ac0fc212b99c|7c|26|7c|resid=9c41ac0fc212b99c%21110|7c|26|7c|authkey=abzafsxez1egnuk|7c|26|7c|em=2"; depth:118; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842065/; classtype:trojan-activity;sid:82705165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|cid=b40d64cac6d063e1|7c|26|7c|resid=b40d64cac6d063e1%21109|7c|26|7c|authkey=akfdo9yzplzgg9u|7c|26|7c|em=2"; depth:118; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842066/; classtype:trojan-activity;sid:82705166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.212.76.235"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842062/; classtype:trojan-activity;sid:82705162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.191.22.0"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842061/; classtype:trojan-activity;sid:82705161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.59.102.106"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842060/; classtype:trojan-activity;sid:82705160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"157.122.104.83"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842059/; classtype:trojan-activity;sid:82705159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/solutions/bkgl/"; depth:16; endswith; nocase; http.host; content:"thepinnaclecircle.com"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842057/; classtype:trojan-activity;sid:82705157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.215.235"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842058/; classtype:trojan-activity;sid:82705158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.38.218.104"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842056/; classtype:trojan-activity;sid:82705156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/nldzrryacy6/"; depth:15; endswith; nocase; http.host; content:"searchcraigslist.us"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842055/; classtype:trojan-activity;sid:82705155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.92.122"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842053/; classtype:trojan-activity;sid:82705153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.45.141"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842054/; classtype:trojan-activity;sid:82705154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.112.50"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842051/; classtype:trojan-activity;sid:82705151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.158.227"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842052/; classtype:trojan-activity;sid:82705152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.90.151"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842050/; classtype:trojan-activity;sid:82705150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ko3u7t9y86ikgzg/"; depth:17; endswith; nocase; http.host; content:"www.wmelevatori.it"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842049/; classtype:trojan-activity;sid:82705149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seswmr/cla/"; depth:12; endswith; nocase; http.host; content:"sacandagamysterycoin.com"; depth:24; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842048/; classtype:trojan-activity;sid:82705148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.40.23"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842047/; classtype:trojan-activity;sid:82705147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/excepturidolorem/datamsolvimus-720290"; depth:38; endswith; nocase; http.host; content:"jspa.mcqsmentor.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842046/; classtype:trojan-activity;sid:82705146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/ttrox/"; depth:9; endswith; nocase; http.host; content:"freakshowbanner.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842045/; classtype:trojan-activity;sid:82705145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.105.17.124"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842044/; classtype:trojan-activity;sid:82705144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omnissimilique/instrueappelle-897303"; depth:37; endswith; nocase; http.host; content:"sslwec.mcqsmentor.com"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842043/; classtype:trojan-activity;sid:82705143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nonlibero/sanatfascinationes-315623"; depth:36; endswith; nocase; http.host; content:"baogia.cokhitienbo.vn"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842042/; classtype:trojan-activity;sid:82705142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enimullam/sumpserimusreddant-746604"; depth:36; endswith; nocase; http.host; content:"bibleresearchtools.net"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842041/; classtype:trojan-activity;sid:82705141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.37.153"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842040/; classtype:trojan-activity;sid:82705140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.211.244"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842039/; classtype:trojan-activity;sid:82705139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/etvoluptatem/tangenduscommuta-975007"; depth:37; endswith; nocase; http.host; content:"klom.mcqsmentor.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842038/; classtype:trojan-activity;sid:82705138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.19.214"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842037/; classtype:trojan-activity;sid:82705137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"49.89.215.9"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842035/; classtype:trojan-activity;sid:82705135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.25.18"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842036/; classtype:trojan-activity;sid:82705136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.209.76.68"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842034/; classtype:trojan-activity;sid:82705134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/daoyb/"; depth:16; endswith; nocase; http.host; content:"new.selltoqvc.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842033/; classtype:trojan-activity;sid:82705133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.6.198.22"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842032/; classtype:trojan-activity;sid:82705132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.85.50"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842031/; classtype:trojan-activity;sid:82705131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.97.166"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842030/; classtype:trojan-activity;sid:82705130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.116.41.114"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842029/; classtype:trojan-activity;sid:82705129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.217.129"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842028/; classtype:trojan-activity;sid:82705128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.121.173"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842027/; classtype:trojan-activity;sid:82705127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.107.89"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842026/; classtype:trojan-activity;sid:82705126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"154.192.34.166"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842025/; classtype:trojan-activity;sid:82705125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.87.49.233"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842024/; classtype:trojan-activity;sid:82705124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.252.178.226"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842023/; classtype:trojan-activity;sid:82705123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.198.90.125"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842022/; classtype:trojan-activity;sid:82705122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huedsj/filjgw3/"; depth:16; endswith; nocase; http.host; content:"mex035.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842020/; classtype:trojan-activity;sid:82705120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.241.186.45"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842021/; classtype:trojan-activity;sid:82705121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.186.164.79"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842017/; classtype:trojan-activity;sid:82705117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.169.45"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842018/; classtype:trojan-activity;sid:82705118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.201.197.250"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842019/; classtype:trojan-activity;sid:82705119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.173.42"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842015/; classtype:trojan-activity;sid:82705115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.251.54.130"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842016/; classtype:trojan-activity;sid:82705116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.45.47"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842012/; classtype:trojan-activity;sid:82705112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.247.76"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842013/; classtype:trojan-activity;sid:82705113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.174.113.111"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842014/; classtype:trojan-activity;sid:82705114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.88.250"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842010/; classtype:trojan-activity;sid:82705110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.91.147"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842011/; classtype:trojan-activity;sid:82705111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.81.203.128"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842009/; classtype:trojan-activity;sid:82705109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.253.212.161"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842008/; classtype:trojan-activity;sid:82705108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.204.223.107"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842007/; classtype:trojan-activity;sid:82705107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/qlqxtwrt2v/"; depth:21; endswith; nocase; http.host; content:"new.qvcrep.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842006/; classtype:trojan-activity;sid:82705106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.210.12"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842005/; classtype:trojan-activity;sid:82705105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/autdolores/commotoputatas-387249"; depth:33; endswith; nocase; http.host; content:"ght.mcqsmentor.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842004/; classtype:trojan-activity;sid:82705104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.118.12.68"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842002/; classtype:trojan-activity;sid:82705102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/officiaea/sinisdeleor-437892"; depth:29; endswith; nocase; http.host; content:"furnitureminimalisbandung.com"; depth:29; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842003/; classtype:trojan-activity;sid:82705103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.187.196"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842001/; classtype:trojan-activity;sid:82705101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1842000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sapienteneque/curabamuspingebaris-782488"; depth:41; endswith; nocase; http.host; content:"styledbylinda.com.au"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1842000/; classtype:trojan-activity;sid:82705100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voluptatemconsequatur/nominaretcavebas-970365"; depth:46; endswith; nocase; http.host; content:"rayfrankolive.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841999/; classtype:trojan-activity;sid:82705099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3/rrs7qjqcrlhsjg/"; depth:18; endswith; nocase; http.host; content:"new.qvcbroker.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841997/; classtype:trojan-activity;sid:82705097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suntnisi/praedixerimdelet-316514"; depth:33; endswith; nocase; http.host; content:"blog.manipalinn.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841998/; classtype:trojan-activity;sid:82705098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.59.187.135"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841996/; classtype:trojan-activity;sid:82705096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/910281601559167006/911181575390122024/pctool.exe"; depth:61; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841995/; classtype:trojan-activity;sid:82705095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qwtqc/hnwb2p/"; depth:14; endswith; nocase; http.host; content:"nomadknight.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841994/; classtype:trojan-activity;sid:82705094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.168.141.114"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841993/; classtype:trojan-activity;sid:82705093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.113.116"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841992/; classtype:trojan-activity;sid:82705092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.231.93.210"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841991/; classtype:trojan-activity;sid:82705091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.39.3.12"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841990/; classtype:trojan-activity;sid:82705090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.222.106"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841988/; classtype:trojan-activity;sid:82705088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.193.23.101"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841989/; classtype:trojan-activity;sid:82705089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5298_1638362460_3072.exe"; depth:31; endswith; nocase; http.host; content:"host-file-host-3.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841987/; classtype:trojan-activity;sid:82705087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.17.11.26"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841986/; classtype:trojan-activity;sid:82705086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.169.58"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841985/; classtype:trojan-activity;sid:82705085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"104.220.122.206"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841984/; classtype:trojan-activity;sid:82705084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.188.117.250"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841983/; classtype:trojan-activity;sid:82705083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.118.180"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841982/; classtype:trojan-activity;sid:82705082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.158.172"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841981/; classtype:trojan-activity;sid:82705081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rei4lbxa/jei4s15x/"; depth:19; endswith; nocase; http.host; content:"fairsubject.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841980/; classtype:trojan-activity;sid:82705080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.168.26"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841979/; classtype:trojan-activity;sid:82705079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.237.30.43"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841978/; classtype:trojan-activity;sid:82705078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.73.63.186"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841977/; classtype:trojan-activity;sid:82705077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.56.130.230"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841976/; classtype:trojan-activity;sid:82705076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.209.209"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841975/; classtype:trojan-activity;sid:82705075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.22.24"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841974/; classtype:trojan-activity;sid:82705074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.112.50"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841973/; classtype:trojan-activity;sid:82705073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.4.206.231"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841971/; classtype:trojan-activity;sid:82705071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.42.251"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841972/; classtype:trojan-activity;sid:82705072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.247.176"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841970/; classtype:trojan-activity;sid:82705070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35hyy/m7v/"; depth:11; endswith; nocase; http.host; content:"cutesuri.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841969/; classtype:trojan-activity;sid:82705069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.92.113.74"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841968/; classtype:trojan-activity;sid:82705068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.95.11.20"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841967/; classtype:trojan-activity;sid:82705067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"101.25.55.23"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841966/; classtype:trojan-activity;sid:82705066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eosquia/deponaslocas-679350"; depth:28; endswith; nocase; http.host; content:"news.uposit.me"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841965/; classtype:trojan-activity;sid:82705065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/consequaturet/tangenataveritis-655168"; depth:38; endswith; nocase; http.host; content:"sehat-cantik.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841964/; classtype:trojan-activity;sid:82705064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noneaque/admovensobstructurus-284241"; depth:37; endswith; nocase; http.host; content:"rayfrankoenvivo.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841963/; classtype:trojan-activity;sid:82705063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/estnecessitatibus/tetigissemuslusos-392447"; depth:43; endswith; nocase; http.host; content:"drfarsai.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841962/; classtype:trojan-activity;sid:82705062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inciduntdicta/restruofies-810691"; depth:33; endswith; nocase; http.host; content:"dashb.mcqsmentor.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841961/; classtype:trojan-activity;sid:82705061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/izjda/"; depth:16; endswith; nocase; http.host; content:"motherhooddefined.com"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841960/; classtype:trojan-activity;sid:82705060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.185.129"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841959/; classtype:trojan-activity;sid:82705059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.218.30.145"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841958/; classtype:trojan-activity;sid:82705058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"183.158.139.17"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841955/; classtype:trojan-activity;sid:82705055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.181.99"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841956/; classtype:trojan-activity;sid:82705056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.184.209"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841957/; classtype:trojan-activity;sid:82705057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7/azlmusiwlayoi/"; depth:17; endswith; nocase; http.host; content:"new.hsnbroker.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841954/; classtype:trojan-activity;sid:82705054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msqsevusve9yrl/"; depth:16; endswith; nocase; http.host; content:"new.amazonbroker.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841953/; classtype:trojan-activity;sid:82705053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maximevel/emittitosolvente-902490"; depth:34; endswith; nocase; http.host; content:"dato.social"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841952/; classtype:trojan-activity;sid:82705052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teneturplaceat/sentiamusmansori-414391"; depth:39; endswith; nocase; http.host; content:"uposit.me"; depth:9; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841951/; classtype:trojan-activity;sid:82705051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rerumblanditiis/opponitnetum-926134"; depth:36; endswith; nocase; http.host; content:"ameri-flora.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841949/; classtype:trojan-activity;sid:82705049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdolores/texistipagorum-259790"; depth:32; endswith; nocase; http.host; content:"crm-fast.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841950/; classtype:trojan-activity;sid:82705050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.54.1"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841948/; classtype:trojan-activity;sid:82705048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doloribuset/crevististructo-484910"; depth:35; endswith; nocase; http.host; content:"share.wasmon.org"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841947/; classtype:trojan-activity;sid:82705047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.191.237.67"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841946/; classtype:trojan-activity;sid:82705046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.30.4.118"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841945/; classtype:trojan-activity;sid:82705045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.7.29.73"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841943/; classtype:trojan-activity;sid:82705043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"49.89.93.135"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841944/; classtype:trojan-activity;sid:82705044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/xjfu93zxgabs3wv/"; depth:21; endswith; nocase; http.host; content:"new.artsupport.rs"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841942/; classtype:trojan-activity;sid:82705042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shedy.exe"; depth:10; endswith; nocase; http.host; content:"appsmanager.alert.com.mt"; depth:24; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841940/; classtype:trojan-activity;sid:82705040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.90.151"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841941/; classtype:trojan-activity;sid:82705041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.242.36.83"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841939/; classtype:trojan-activity;sid:82705039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"45.5.208.215"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841936/; classtype:trojan-activity;sid:82705036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.89.90.38"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841937/; classtype:trojan-activity;sid:82705037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.182.173"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841938/; classtype:trojan-activity;sid:82705038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.84.70"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841934/; classtype:trojan-activity;sid:82705034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.119.50"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841935/; classtype:trojan-activity;sid:82705035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.183.170.161"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841933/; classtype:trojan-activity;sid:82705033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.63.248"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841932/; classtype:trojan-activity;sid:82705032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.85.184.207"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841931/; classtype:trojan-activity;sid:82705031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.191.251.59"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841930/; classtype:trojan-activity;sid:82705030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.31.65"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841929/; classtype:trojan-activity;sid:82705029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.46.27"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841928/; classtype:trojan-activity;sid:82705028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.160.32"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841927/; classtype:trojan-activity;sid:82705027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.253.252"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841926/; classtype:trojan-activity;sid:82705026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.45.50.223"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841925/; classtype:trojan-activity;sid:82705025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.78.130"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841922/; classtype:trojan-activity;sid:82705022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.59.5"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841923/; classtype:trojan-activity;sid:82705023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.118.219.128"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841924/; classtype:trojan-activity;sid:82705024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.13.26.152"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841921/; classtype:trojan-activity;sid:82705021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/cdkas/"; depth:11; endswith; nocase; http.host; content:"testmedia.artechome.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841920/; classtype:trojan-activity;sid:82705020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/arujda4mzcf9hnl/"; depth:21; endswith; nocase; http.host; content:"en.artechome.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841919/; classtype:trojan-activity;sid:82705019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quaeet/commutabatopposueritis-908165"; depth:37; endswith; nocase; http.host; content:"alaperhotelan.id"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841918/; classtype:trojan-activity;sid:82705018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.118.12.68"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841916/; classtype:trojan-activity;sid:82705016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.38.123.158"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841917/; classtype:trojan-activity;sid:82705017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/modiconsectetur/lentumrefugiente-603781"; depth:40; endswith; nocase; http.host; content:"cvrcakgrupa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841915/; classtype:trojan-activity;sid:82705015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/solutasimilique/tegitotedomino-636761"; depth:38; endswith; nocase; http.host; content:"suadha.org"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841914/; classtype:trojan-activity;sid:82705014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sedcumque/cessaturovidendo-279545"; depth:34; endswith; nocase; http.host; content:"stjosephscbonpara.edu.bd"; depth:24; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841913/; classtype:trojan-activity;sid:82705013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voluptatemsed/latricitransire-425706"; depth:37; endswith; nocase; http.host; content:"royaliptvhd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841912/; classtype:trojan-activity;sid:82705012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/audio-ate-player/i6m1il0pii7tjjmcbl/"; depth:37; endswith; nocase; http.host; content:"ask-an-electrician.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841911/; classtype:trojan-activity;sid:82705011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3/2e/"; depth:6; endswith; nocase; http.host; content:"goldcountrycalifornia.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841910/; classtype:trojan-activity;sid:82705010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.233.21"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841909/; classtype:trojan-activity;sid:82705009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.137.147.190"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841908/; classtype:trojan-activity;sid:82705008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.79.174.248"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841907/; classtype:trojan-activity;sid:82705007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.236.213.28"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841906/; classtype:trojan-activity;sid:82705006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"49.89.215.213"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841905/; classtype:trojan-activity;sid:82705005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"31.217.105.113"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841904/; classtype:trojan-activity;sid:82705004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.186.14"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841903/; classtype:trojan-activity;sid:82705003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.117.31"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841902/; classtype:trojan-activity;sid:82705002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/yee/"; depth:7; endswith; nocase; http.host; content:"community.geocodesltd.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841901/; classtype:trojan-activity;sid:82705001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"181.191.237.67"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841899/; classtype:trojan-activity;sid:82704999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.39.22"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841900/; classtype:trojan-activity;sid:82705000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.183.103"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841898/; classtype:trojan-activity;sid:82704998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.61.80"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841897/; classtype:trojan-activity;sid:82704997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.185.122"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841896/; classtype:trojan-activity;sid:82704996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.242.111"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841895/; classtype:trojan-activity;sid:82704995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/rf/"; depth:6; endswith; nocase; http.host; content:"maryamin.store"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841894/; classtype:trojan-activity;sid:82704994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/test.exe"; depth:11; endswith; nocase; http.host; content:"cheats2021.site"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841893/; classtype:trojan-activity;sid:82704993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.181.99"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841892/; classtype:trojan-activity;sid:82704992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/ccoedyldhtrxry/"; depth:27; endswith; nocase; http.host; content:"maedavenport.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841891/; classtype:trojan-activity;sid:82704991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erroreligendi/hocorantor-276727"; depth:32; endswith; nocase; http.host; content:"lozhkin.foundation"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841890/; classtype:trojan-activity;sid:82704990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/perferendiset/reddituramturbem-840151"; depth:38; endswith; nocase; http.host; content:"lockrepair.ae"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841889/; classtype:trojan-activity;sid:82704989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.187.85.169"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841888/; classtype:trojan-activity;sid:82704988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.208.1.185"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841887/; classtype:trojan-activity;sid:82704987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.89.74.123"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841886/; classtype:trojan-activity;sid:82704986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atsunt/ademptomenses-578566"; depth:28; endswith; nocase; http.host; content:"proyectoschavez.com.mx"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841885/; classtype:trojan-activity;sid:82704985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.89.93.56"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841884/; classtype:trojan-activity;sid:82704984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.194.171.150"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841883/; classtype:trojan-activity;sid:82704983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quameos/transfertoludere-472757"; depth:32; endswith; nocase; http.host; content:"ameri-hvac.com"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841882/; classtype:trojan-activity;sid:82704982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/autnihil/emittemurlocis-673979"; depth:31; endswith; nocase; http.host; content:"dubairepairs.ae"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841881/; classtype:trojan-activity;sid:82704981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/l2waa4c5fbzxtit/"; depth:36; endswith; nocase; http.host; content:"goldfontaine.shop"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841880/; classtype:trojan-activity;sid:82704980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qss7r/bsfx/"; depth:12; endswith; nocase; http.host; content:"gamaes.shop"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841879/; classtype:trojan-activity;sid:82704979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/cnlb7g7oib83zp/"; depth:27; endswith; nocase; http.host; content:"newsaarctech.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841878/; classtype:trojan-activity;sid:82704978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|cid=265b0592b90d8970|7c|26|7c|resid=265b0592b90d8970%21861|7c|26|7c|authkey=adiaonyvtkfvy5a"; depth:104; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841877/; classtype:trojan-activity;sid:82704977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/915586005791301706/915587984152215582/mioennvio.txt"; depth:64; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841876/; classtype:trojan-activity;sid:82704976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.242.166"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841875/; classtype:trojan-activity;sid:82704975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.249.12.164"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841874/; classtype:trojan-activity;sid:82704974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.209.171.13"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841873/; classtype:trojan-activity;sid:82704973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8/kh4foi5u/"; depth:12; endswith; nocase; http.host; content:"stout.vip"; depth:9; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841869/; classtype:trojan-activity;sid:82704969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.70.232"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841870/; classtype:trojan-activity;sid:82704970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.45.63"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841871/; classtype:trojan-activity;sid:82704971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.80.237"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841872/; classtype:trojan-activity;sid:82704972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.70.240.221"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841868/; classtype:trojan-activity;sid:82704968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.212.142.114"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841867/; classtype:trojan-activity;sid:82704967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.14.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841864/; classtype:trojan-activity;sid:82704964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.45.50.223"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841865/; classtype:trojan-activity;sid:82704965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.218.30.145"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841866/; classtype:trojan-activity;sid:82704966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.122.200.170"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841863/; classtype:trojan-activity;sid:82704963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.91.162"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841860/; classtype:trojan-activity;sid:82704960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.111.210.113"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841861/; classtype:trojan-activity;sid:82704961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.139.183"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841862/; classtype:trojan-activity;sid:82704962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.206.232"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841858/; classtype:trojan-activity;sid:82704958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.50.125.76"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841859/; classtype:trojan-activity;sid:82704959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.60.208.51"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841857/; classtype:trojan-activity;sid:82704957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.170.216"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841856/; classtype:trojan-activity;sid:82704956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.123.210.177"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841855/; classtype:trojan-activity;sid:82704955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.248.189.68"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841854/; classtype:trojan-activity;sid:82704954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.234.168.203"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841853/; classtype:trojan-activity;sid:82704953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.28.5.69"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841852/; classtype:trojan-activity;sid:82704952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.83.135.209"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841851/; classtype:trojan-activity;sid:82704951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.32.22"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841850/; classtype:trojan-activity;sid:82704950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.89.61.58"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841849/; classtype:trojan-activity;sid:82704949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.193.119.179"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841848/; classtype:trojan-activity;sid:82704948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.27.246.152"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841847/; classtype:trojan-activity;sid:82704947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/ds5y1ii3fyvt5b/"; depth:27; endswith; nocase; http.host; content:"mobbi.flywheelstaging.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841846/; classtype:trojan-activity;sid:82704946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.231.142.18"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841845/; classtype:trojan-activity;sid:82704945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.174.56"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841844/; classtype:trojan-activity;sid:82704944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.89.98"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841843/; classtype:trojan-activity;sid:82704943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eytzcly/w0l13ol/"; depth:17; endswith; nocase; http.host; content:"mblinkappmobile.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841842/; classtype:trojan-activity;sid:82704942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/om3ppf47/a8/"; depth:13; endswith; nocase; http.host; content:"bitcoinbillionnaire.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841841/; classtype:trojan-activity;sid:82704941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/capy/"; depth:15; endswith; nocase; http.host; content:"www.mckennaguitars.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841840/; classtype:trojan-activity;sid:82704940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.133.75"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841839/; classtype:trojan-activity;sid:82704939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.180.193"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841838/; classtype:trojan-activity;sid:82704938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.59.231.214"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841837/; classtype:trojan-activity;sid:82704937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.11.170.51"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841836/; classtype:trojan-activity;sid:82704936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.233.21"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841835/; classtype:trojan-activity;sid:82704935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.116.214.146"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841834/; classtype:trojan-activity;sid:82704934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.86.10"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841833/; classtype:trojan-activity;sid:82704933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.248.140.171"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841832/; classtype:trojan-activity;sid:82704932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.85.231"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841831/; classtype:trojan-activity;sid:82704931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.236.214.6"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841830/; classtype:trojan-activity;sid:82704930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.78.194"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841829/; classtype:trojan-activity;sid:82704929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.76.228.180"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841828/; classtype:trojan-activity;sid:82704928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.40.69.154"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841827/; classtype:trojan-activity;sid:82704927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"221.14.122.111"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841826/; classtype:trojan-activity;sid:82704926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.73.170.213"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841825/; classtype:trojan-activity;sid:82704925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.235.143.171"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841824/; classtype:trojan-activity;sid:82704924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.7.191"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841823/; classtype:trojan-activity;sid:82704923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.213.126"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841822/; classtype:trojan-activity;sid:82704922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.83.151.49"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841820/; classtype:trojan-activity;sid:82704920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.9.220.109"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841821/; classtype:trojan-activity;sid:82704921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.63.101.106"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841819/; classtype:trojan-activity;sid:82704919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.30.110.65"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841818/; classtype:trojan-activity;sid:82704918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.6.221.37"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841817/; classtype:trojan-activity;sid:82704917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.73.137"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841816/; classtype:trojan-activity;sid:82704916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.151.140"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841815/; classtype:trojan-activity;sid:82704915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.0.91"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841813/; classtype:trojan-activity;sid:82704913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.165.91.176"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841814/; classtype:trojan-activity;sid:82704914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.138.7.173"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841812/; classtype:trojan-activity;sid:82704912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.226.75.31"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841811/; classtype:trojan-activity;sid:82704911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"111.174.221.149"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841810/; classtype:trojan-activity;sid:82704910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.185.207"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841809/; classtype:trojan-activity;sid:82704909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/halimat/2rgk4lhxpoltq7rxfh/"; depth:28; endswith; nocase; http.host; content:"pilotscience.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841808/; classtype:trojan-activity;sid:82704908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/6qcinzqritkl/"; depth:26; endswith; nocase; http.host; content:"docsgyan.com"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841807/; classtype:trojan-activity;sid:82704907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/subconstable/nmw9ocfmgnud9vbnc50bksk/"; depth:38; endswith; nocase; http.host; content:"oneaudio.world"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841806/; classtype:trojan-activity;sid:82704906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.212.39.252"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841804/; classtype:trojan-activity;sid:82704904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.87.201"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841805/; classtype:trojan-activity;sid:82704905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.5.187.234"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841803/; classtype:trojan-activity;sid:82704903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ex/y44x/"; depth:9; endswith; nocase; http.host; content:"www.fizik.tv.tr"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841802/; classtype:trojan-activity;sid:82704902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"175.180.143.169"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841801/; classtype:trojan-activity;sid:82704901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.48.244"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841800/; classtype:trojan-activity;sid:82704900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.33.86.191"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841799/; classtype:trojan-activity;sid:82704899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.228.182.206"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841798/; classtype:trojan-activity;sid:82704898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hainai/3quyq/"; depth:14; endswith; nocase; http.host; content:"historyshop.xyz"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841797/; classtype:trojan-activity;sid:82704897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.14.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841796/; classtype:trojan-activity;sid:82704896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.248.142.58"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841795/; classtype:trojan-activity;sid:82704895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.94.114"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841794/; classtype:trojan-activity;sid:82704894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.86.141"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841793/; classtype:trojan-activity;sid:82704893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.47.226"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841792/; classtype:trojan-activity;sid:82704892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.139.226"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841791/; classtype:trojan-activity;sid:82704891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.196.36"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841790/; classtype:trojan-activity;sid:82704890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.212.203.21"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841789/; classtype:trojan-activity;sid:82704889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/ilqu7bj9mzt8eq/"; depth:25; endswith; nocase; http.host; content:"performancehorses.world"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841788/; classtype:trojan-activity;sid:82704888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fibrocartilaginous/2/"; depth:22; endswith; nocase; http.host; content:"nationtv.world"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841787/; classtype:trojan-activity;sid:82704887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.179.102"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841786/; classtype:trojan-activity;sid:82704886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.9.3.204"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841784/; classtype:trojan-activity;sid:82704884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.172.244"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841785/; classtype:trojan-activity;sid:82704885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.180.48.183"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841783/; classtype:trojan-activity;sid:82704883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"118.79.236.170"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841781/; classtype:trojan-activity;sid:82704881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.184.243"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841782/; classtype:trojan-activity;sid:82704882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.32.22"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841779/; classtype:trojan-activity;sid:82704879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.174.80.153"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841780/; classtype:trojan-activity;sid:82704880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.250.108"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841778/; classtype:trojan-activity;sid:82704878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.50.73"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841777/; classtype:trojan-activity;sid:82704877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.234.202.44"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841775/; classtype:trojan-activity;sid:82704875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.23.200"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841776/; classtype:trojan-activity;sid:82704876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.192.157.193"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841774/; classtype:trojan-activity;sid:82704874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.104.236.244"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841773/; classtype:trojan-activity;sid:82704873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.81.136.50"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841772/; classtype:trojan-activity;sid:82704872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.180.193"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841771/; classtype:trojan-activity;sid:82704871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.19.34"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841770/; classtype:trojan-activity;sid:82704870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.174.217"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841769/; classtype:trojan-activity;sid:82704869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.132.194.136"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841768/; classtype:trojan-activity;sid:82704868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.189.236"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841767/; classtype:trojan-activity;sid:82704867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"189.85.35.47"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841766/; classtype:trojan-activity;sid:82704866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/-/rwf/"; depth:7; endswith; nocase; http.host; content:"urwallet.net"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841765/; classtype:trojan-activity;sid:82704865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.231.142.18"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841764/; classtype:trojan-activity;sid:82704864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"89.208.122.217"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841762/; classtype:trojan-activity;sid:82704862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"178.141.241.0"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841763/; classtype:trojan-activity;sid:82704863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/acupuncture/qxdisd/"; depth:20; endswith; nocase; http.host; content:"webfume.in"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841761/; classtype:trojan-activity;sid:82704861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.116.216.22"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841760/; classtype:trojan-activity;sid:82704860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.194.246"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841759/; classtype:trojan-activity;sid:82704859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bromohydrate/v/"; depth:16; endswith; nocase; http.host; content:"dev-chintesh.flywheelsites.com"; depth:30; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841758/; classtype:trojan-activity;sid:82704858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.7.198"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841757/; classtype:trojan-activity;sid:82704857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.228.182.206"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841756/; classtype:trojan-activity;sid:82704856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.58.115.158"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841755/; classtype:trojan-activity;sid:82704855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.218.143.1"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841754/; classtype:trojan-activity;sid:82704854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.192.26"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841751/; classtype:trojan-activity;sid:82704851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.89.10"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841752/; classtype:trojan-activity;sid:82704852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.6.195.69"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841753/; classtype:trojan-activity;sid:82704853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.215.162"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841750/; classtype:trojan-activity;sid:82704850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/search-mg/ywoby/"; depth:17; endswith; nocase; http.host; content:"www.kitsadagoodcar.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841749/; classtype:trojan-activity;sid:82704849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/content/7ga2ir8tlzfn/"; depth:22; endswith; nocase; http.host; content:"www.smkitihsanulfikri.sch.id"; depth:28; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841748/; classtype:trojan-activity;sid:82704848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t1uan7q/idws5/"; depth:15; endswith; nocase; http.host; content:"www.notre-grand-debat.fr"; depth:24; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841747/; classtype:trojan-activity;sid:82704847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/must1006/4domm/"; depth:16; endswith; nocase; http.host; content:"elevweb.hhs.dk"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841746/; classtype:trojan-activity;sid:82704846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.25.178"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841745/; classtype:trojan-activity;sid:82704845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.218.143.1"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841744/; classtype:trojan-activity;sid:82704844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.204.137.170"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841742/; classtype:trojan-activity;sid:82704842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/y/"; depth:10; endswith; nocase; http.host; content:"englishteachersacademy.com"; depth:26; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841743/; classtype:trojan-activity;sid:82704843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amp/g3vq/"; depth:10; endswith; nocase; http.host; content:"www.replacementengines.co.uk"; depth:28; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841738/; classtype:trojan-activity;sid:82704838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0/kfca6rhe9nk/"; depth:15; endswith; nocase; http.host; content:"dulichsinhcafe.com.vn"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841739/; classtype:trojan-activity;sid:82704839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blog/1prqt2jbbtfv/"; depth:19; endswith; nocase; http.host; content:"www.tradeinsights.net"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841740/; classtype:trojan-activity;sid:82704840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/okuizksqpnwxhyadv/"; depth:23; endswith; nocase; http.host; content:"coachvoorartiesten.nl"; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841741/; classtype:trojan-activity;sid:82704841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/organizacion/9gg9/"; depth:19; endswith; nocase; http.host; content:"misistemadegestion.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841735/; classtype:trojan-activity;sid:82704835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/content/ddjzz21unt/"; depth:20; endswith; nocase; http.host; content:"www.master-nano-saclay.fr"; depth:25; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841736/; classtype:trojan-activity;sid:82704836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/jtzvisrnaros67fghm/"; depth:29; endswith; nocase; http.host; content:"tripschool.sam-sebe-columb.com"; depth:30; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841737/; classtype:trojan-activity;sid:82704837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/aqlhj/"; depth:14; endswith; nocase; http.host; content:"pilots.atr-aircraft.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841734/; classtype:trojan-activity;sid:82704834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.64.237"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841733/; classtype:trojan-activity;sid:82704833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.52.135"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841732/; classtype:trojan-activity;sid:82704832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/5ngnhdda8hu/"; depth:22; endswith; nocase; http.host; content:"www.myprojectdeals.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841730/; classtype:trojan-activity;sid:82704830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.218.217"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841731/; classtype:trojan-activity;sid:82704831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zhzk/34zfaicsrtaz/"; depth:19; endswith; nocase; http.host; content:"www.expressshopnow.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841729/; classtype:trojan-activity;sid:82704829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.247.59"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841727/; classtype:trojan-activity;sid:82704827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.85.191"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841728/; classtype:trojan-activity;sid:82704828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.50.229.18"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841724/; classtype:trojan-activity;sid:82704824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.211.144"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841725/; classtype:trojan-activity;sid:82704825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.44.234.97"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841726/; classtype:trojan-activity;sid:82704826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.85.236.15"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841722/; classtype:trojan-activity;sid:82704822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.85.164.110"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841723/; classtype:trojan-activity;sid:82704823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.95.75"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841721/; classtype:trojan-activity;sid:82704821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.205.72.153"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841720/; classtype:trojan-activity;sid:82704820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.99.46.196"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841718/; classtype:trojan-activity;sid:82704818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"49.89.93.172"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841719/; classtype:trojan-activity;sid:82704819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"221.200.172.235"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841717/; classtype:trojan-activity;sid:82704817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.38.194.69"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841715/; classtype:trojan-activity;sid:82704815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.125.171.57"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841716/; classtype:trojan-activity;sid:82704816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.33.60"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841713/; classtype:trojan-activity;sid:82704813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.85.186.160"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841714/; classtype:trojan-activity;sid:82704814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"118.79.237.69"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841712/; classtype:trojan-activity;sid:82704812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.9.200"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841711/; classtype:trojan-activity;sid:82704811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.120.224.223"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841710/; classtype:trojan-activity;sid:82704810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.229.54.187"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841709/; classtype:trojan-activity;sid:82704809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.22.208"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841708/; classtype:trojan-activity;sid:82704808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"19.1.0.72"; depth:9; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841707/; classtype:trojan-activity;sid:82704807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.125.153"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841706/; classtype:trojan-activity;sid:82704806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.145.166.82"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841705/; classtype:trojan-activity;sid:82704805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.7.198"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841704/; classtype:trojan-activity;sid:82704804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.116.216.22"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841703/; classtype:trojan-activity;sid:82704803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.192.26"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841702/; classtype:trojan-activity;sid:82704802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.196.98"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841701/; classtype:trojan-activity;sid:82704801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.43.171"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841700/; classtype:trojan-activity;sid:82704800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.202.174"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841699/; classtype:trojan-activity;sid:82704799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.249.88.111"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841698/; classtype:trojan-activity;sid:82704798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.176.107.99"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841697/; classtype:trojan-activity;sid:82704797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.15.160"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841696/; classtype:trojan-activity;sid:82704796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.242.56"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841694/; classtype:trojan-activity;sid:82704794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.237.15.183"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841695/; classtype:trojan-activity;sid:82704795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.24.117.79"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841693/; classtype:trojan-activity;sid:82704793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.38.70"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841692/; classtype:trojan-activity;sid:82704792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.173.123"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841690/; classtype:trojan-activity;sid:82704790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.89.168"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841691/; classtype:trojan-activity;sid:82704791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.136.85.40"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841689/; classtype:trojan-activity;sid:82704789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.223.92.208"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841688/; classtype:trojan-activity;sid:82704788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.2.66"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841687/; classtype:trojan-activity;sid:82704787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.119.197.14"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841686/; classtype:trojan-activity;sid:82704786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.93.83.162"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841685/; classtype:trojan-activity;sid:82704785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.56.48"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841684/; classtype:trojan-activity;sid:82704784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"153.34.44.234"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841683/; classtype:trojan-activity;sid:82704783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.25.104.65"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841682/; classtype:trojan-activity;sid:82704782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.14.235.120"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841681/; classtype:trojan-activity;sid:82704781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.40.177"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841679/; classtype:trojan-activity;sid:82704779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.85.210.238"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841680/; classtype:trojan-activity;sid:82704780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.16.74"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841677/; classtype:trojan-activity;sid:82704777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.89.97"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841678/; classtype:trojan-activity;sid:82704778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.135.0"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841676/; classtype:trojan-activity;sid:82704776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.75.215.4"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841675/; classtype:trojan-activity;sid:82704775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.225.255.160"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841674/; classtype:trojan-activity;sid:82704774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.25.84"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841673/; classtype:trojan-activity;sid:82704773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.179.7.63"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841672/; classtype:trojan-activity;sid:82704772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.0.192.88"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841671/; classtype:trojan-activity;sid:82704771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/906955288236683287/911080054665117706/dllnew.txt"; depth:61; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841670/; classtype:trojan-activity;sid:82704770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.162.1"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841669/; classtype:trojan-activity;sid:82704769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.33.93.73"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841668/; classtype:trojan-activity;sid:82704768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.33.95.75"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841666/; classtype:trojan-activity;sid:82704766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raarrcdz/sftp/rfq.docx"; depth:23; endswith; nocase; http.host; content:"jamessconsult.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841667/; classtype:trojan-activity;sid:82704767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/startup/mback53388startup.exe"; depth:30; endswith; nocase; http.host; content:"179.61.237.75"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841665/; classtype:trojan-activity;sid:82704765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.204.174.209"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841664/; classtype:trojan-activity;sid:82704764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/529302751671222272/912499190490337300/multiple_roblox.exe"; depth:70; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841663/; classtype:trojan-activity;sid:82704763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chandakush/todays/main/fcf4b84103ec890fd9f37306253554225ac9a7df.exe"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841662/; classtype:trojan-activity;sid:82704762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.48.144.168"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841661/; classtype:trojan-activity;sid:82704761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.198.229.192"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841658/; classtype:trojan-activity;sid:82704758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.96.59"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841659/; classtype:trojan-activity;sid:82704759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.223.145.230"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841660/; classtype:trojan-activity;sid:82704760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"121.234.190.29"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841657/; classtype:trojan-activity;sid:82704757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/858725588743618600/913467298893955153/voice-chat.exe"; depth:65; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841655/; classtype:trojan-activity;sid:82704755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/910281601559167006/913747177581457429/pctool.exe"; depth:61; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841656/; classtype:trojan-activity;sid:82704756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.116.145.84"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841654/; classtype:trojan-activity;sid:82704754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.250.247"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841653/; classtype:trojan-activity;sid:82704753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.187.250"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841652/; classtype:trojan-activity;sid:82704752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.85.211.127"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841651/; classtype:trojan-activity;sid:82704751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.97.122.119"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841650/; classtype:trojan-activity;sid:82704750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.43.28"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841649/; classtype:trojan-activity;sid:82704749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/content/rbmmk5nt/"; depth:18; endswith; nocase; http.host; content:"bluelifeyachting.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841648/; classtype:trojan-activity;sid:82704748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/tqa/"; depth:9; endswith; nocase; http.host; content:"www.kretaro.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841647/; classtype:trojan-activity;sid:82704747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.249.26.18"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841646/; classtype:trojan-activity;sid:82704746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.62.81"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841645/; classtype:trojan-activity;sid:82704745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voluptasreprehenderit/autemtotam-4044474"; depth:41; endswith; nocase; http.host; content:"bismillahcomputerstore.com"; depth:26; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841644/; classtype:trojan-activity;sid:82704744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/node_modules/tw2gvg3nym/"; depth:25; endswith; nocase; http.host; content:"shopallcars.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841643/; classtype:trojan-activity;sid:82704743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quodomnis/situt-4057805"; depth:24; endswith; nocase; http.host; content:"sandbox.kreatravel.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841642/; classtype:trojan-activity;sid:82704742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quodomnis/culpaquod-4045908"; depth:28; endswith; nocase; http.host; content:"sandbox.kreatravel.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841641/; classtype:trojan-activity;sid:82704741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inea/voluptatemconsequuntur-7334316"; depth:36; endswith; nocase; http.host; content:"xx.pittdiamondinvestments.com"; depth:29; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841640/; classtype:trojan-activity;sid:82704740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/delenitiest/praesentiumsimilique-7683162"; depth:41; endswith; nocase; http.host; content:"wingsmen.pk"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841637/; classtype:trojan-activity;sid:82704737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/delenitiest/eosducimus-7189802"; depth:31; endswith; nocase; http.host; content:"wingsmen.pk"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841638/; classtype:trojan-activity;sid:82704738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/porronostrum/sitimpedit-6671759"; depth:32; endswith; nocase; http.host; content:"pma.smartbuild360.ae"; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841639/; classtype:trojan-activity;sid:82704739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/facilistempore/dignissimosqui-5454055"; depth:38; endswith; nocase; http.host; content:"wptest.softwave.lk"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841636/; classtype:trojan-activity;sid:82704736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/delenitiest/innemo-7334316"; depth:27; endswith; nocase; http.host; content:"wingsmen.pk"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841633/; classtype:trojan-activity;sid:82704733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omnisreiciendis/porronobis-7683162"; depth:35; endswith; nocase; http.host; content:"yates.ticondigital.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841634/; classtype:trojan-activity;sid:82704734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/consequaturblanditiis/quiaexplicabo-5309700"; depth:44; endswith; nocase; http.host; content:"systemabsoluto.com"; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841635/; classtype:trojan-activity;sid:82704735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.251.38"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841632/; classtype:trojan-activity;sid:82704732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/molestiasrecusandae/reiciendisvoluptas-7649985"; depth:47; endswith; nocase; http.host; content:"racabinates99enterprises.in"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841631/; classtype:trojan-activity;sid:82704731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/molestiasrecusandae/utvoluptatem-7634232"; depth:41; endswith; nocase; http.host; content:"racabinates99enterprises.in"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841630/; classtype:trojan-activity;sid:82704730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omnisreiciendis/dolorumin-7153243"; depth:34; endswith; nocase; http.host; content:"yates.ticondigital.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841626/; classtype:trojan-activity;sid:82704726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fugitaut/doloresid-7261810"; depth:27; endswith; nocase; http.host; content:"chikmagaluradventures.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841627/; classtype:trojan-activity;sid:82704727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fugitaut/repudiandaeducimus-7727363"; depth:36; endswith; nocase; http.host; content:"chikmagaluradventures.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841628/; classtype:trojan-activity;sid:82704728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fugitaut/doloresiusto-7498812"; depth:30; endswith; nocase; http.host; content:"chikmagaluradventures.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841629/; classtype:trojan-activity;sid:82704729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/delenitiest/rerumab-7213346"; depth:28; endswith; nocase; http.host; content:"wingsmen.pk"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841623/; classtype:trojan-activity;sid:82704723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omnisreiciendis/voluptatumautem-7708908"; depth:40; endswith; nocase; http.host; content:"yates.ticondigital.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841624/; classtype:trojan-activity;sid:82704724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doloret/corporisaccusantium-7727234"; depth:36; endswith; nocase; http.host; content:"tech-sy.com.co"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841625/; classtype:trojan-activity;sid:82704725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/molestiasrecusandae/nesciuntvoluptatem-7141817"; depth:47; endswith; nocase; http.host; content:"racabinates99enterprises.in"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841620/; classtype:trojan-activity;sid:82704720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doloret/minimaqui-7612354"; depth:26; endswith; nocase; http.host; content:"tech-sy.com.co"; depth:14; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841621/; classtype:trojan-activity;sid:82704721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/delenitiest/quivero-6836281"; depth:28; endswith; nocase; http.host; content:"wingsmen.pk"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841622/; classtype:trojan-activity;sid:82704722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/molestiasrecusandae/assumendatempore-7634037"; depth:45; endswith; nocase; http.host; content:"racabinates99enterprises.in"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841617/; classtype:trojan-activity;sid:82704717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/molestiasrecusandae/idoptio-7621148"; depth:36; endswith; nocase; http.host; content:"racabinates99enterprises.in"; depth:27; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841618/; classtype:trojan-activity;sid:82704718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fugitaut/autquos-7727234"; depth:25; endswith; nocase; http.host; content:"chikmagaluradventures.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841619/; classtype:trojan-activity;sid:82704719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fugitaut/dolorarchitecto-7641352"; depth:33; endswith; nocase; http.host; content:"chikmagaluradventures.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841616/; classtype:trojan-activity;sid:82704716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fugitaut/estqui-7762402"; depth:24; endswith; nocase; http.host; content:"chikmagaluradventures.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841609/; classtype:trojan-activity;sid:82704709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fugitaut/doloresipsa-7662517"; depth:29; endswith; nocase; http.host; content:"chikmagaluradventures.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841610/; classtype:trojan-activity;sid:82704710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inea/autrerum-7634246"; depth:22; endswith; nocase; http.host; content:"xx.pittdiamondinvestments.com"; depth:29; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841611/; classtype:trojan-activity;sid:82704711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quododio/accusantiumqui-7654930"; depth:32; endswith; nocase; http.host; content:"manage.chelseaautos.es"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841612/; classtype:trojan-activity;sid:82704712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fugitaut/eosrem-7666599"; depth:24; endswith; nocase; http.host; content:"chikmagaluradventures.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841613/; classtype:trojan-activity;sid:82704713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fugitaut/inaut-7707930"; depth:23; endswith; nocase; http.host; content:"chikmagaluradventures.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841614/; classtype:trojan-activity;sid:82704714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fugitaut/mollitiaoccaecati-7653565"; depth:35; endswith; nocase; http.host; content:"chikmagaluradventures.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841615/; classtype:trojan-activity;sid:82704715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/delenitiest/ametmolestiae-7649985"; depth:34; endswith; nocase; http.host; content:"wingsmen.pk"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841588/; classtype:trojan-activity;sid:82704688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quododio/etaut-7727700"; depth:23; endswith; nocase; http.host; content:"manage.chelseaautos.es"; depth:22; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841589/; classtype:trojan-activity;sid:82704689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/delenitiest/aliasvoluptas-7708908"; depth:34; endswith; nocase; http.host; content:"wingsmen.pk"; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1841590/; classtype:trojan-activity;sid:82704690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1841591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doloret/iurenon-7645068"; depth:24; endswith; nocase; http.h